CVE-2023-2766 – Weaver OA jx2_config.ini file access
https://notcve.org/view.php?id=CVE-2023-2766
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories being accessible to external parties. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/8079048q/cve/blob/main/weaveroa.md
• https://vuldb.com/?ctiid.229271
• https://vuldb.com/?id.229271
• CWE-552: Files or Directories Accessible to External Parties
CVE-2023-2765 – Weaver OA downfile.php absolute path traversal
https://notcve.org/view.php?id=CVE-2023-2765
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/eckert-lcc/cve/blob/main/Weaver%20oa.md
• https://vuldb.com/?ctiid.229270
• https://vuldb.com/?id.229270
• CWE-36: Absolute Path Traversal