admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-12-30 05:41:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Weaver_OA_PluginViewServlet_Authentication_Bypass_Vulnerability.md
Goby 8d81c91b5c
Create Weaver_OA_PluginViewServlet_Authentication_Bypass_Vulnerability.md 
add Weaver OA PluginViewServlet Authentication Bypass Vulnerability
2023-06-21 17:24:13 +08:00

1.7 KiB
Raw Blame History

Weaver OA PluginViewServlet Authentication Bypass Vulnerability

Vulnerability Weaver OA PluginViewServlet Authentication Bypass Vulnerability
Chinese name 泛微OA办公系统 PluginViewServlet 认证绕过漏洞
CVSS core 8.0
FOFA Query (click to view the results directly) (header="testBanCookie" || banner="testBanCookie" || body="/wui/common/css/w7OVFont.css" || (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") || body="/theme/ecology8/jquery/js/zDialog_wev8.js" || body="ecology8/lang/weaver_lang_7_wev8.js")
Number of assets affected 45034
Description Weaver OA is a professional and powerful multi-functional office management software that supports mobile approval, attendance, query, sharing and other functions, effectively improving the user's office efficiency. There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges.
Impact There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges.