Vulnerabilities > CVE-2024-3227 - Unspecified vulnerability in Weaver E-Office

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

weaver

NVD

Published: 2024-04-03

Updated: 2025-04-25

Summary

A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259072.

Vulnerable Configurations

Part	Description	Count
Application	Weaver Weaver E Office *	1

References

https://github.com/garboa/cve_3/blob/main/upload.md
https://github.com/garboa/cve_3/blob/main/upload.md
https://vuldb.com/?ctiid.259072
https://vuldb.com/?ctiid.259072
https://vuldb.com/?id.259072
https://vuldb.com/?id.259072
https://vuldb.com/?submit.308750
https://vuldb.com/?submit.308750