CVE-2024-7704 – Weaver e-cology Source Code ecology_dev.zip information disclosure
https://notcve.org/view.php?id=CVE-2024-7704
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. • https://github.com/Dreamy-elfland/240731 https://vuldb.com/?ctiid.274182 https://vuldb.com/?id.274182 https://vuldb.com/?submit.385494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-3793 – Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection
https://notcve.org/view.php?id=CVE-2023-3793
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql injection. Upgrading to version 10.58.0 is able to address this issue. • https://vuldb.com/?ctiid.235061 https://vuldb.com/?id.235061 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •