Weaver Ecology OA v10.57-10.79 Security Update Log: SQLi, XSS, Auth Bypass

Weaver Ecology Security Update Log Summary Vulnerability Overview The Weaver Ecology system (versions 10.57.1 - 10.79) contains multiple security vulnerabilities, primarily including SQL injection, XSS injection, unauthorized access, file upload vulnerabilities, and logic flaws. Some vulnerabilities involve high-risk issues such as sensitive information leakage, permission bypasses, and unauthorized access. Scope of Impact Affected Versions: Weaver Ecology 10.57.1 to 10.79 Affected Modules: - Workflow Service (WorkflowServiceXml) - Form Module (E9 Form Modeling, Group Saving) - Asset Module (E9 Asset Module Printing) - Portal Login (E8 Personnel Card) - Email Attachment Download - Unified To-Do Integration - Mobile Modeling Scan Code - WebService Interface Calls - Body Export Function - Database Connection Pool - File Preview (docx files) - System Cache - User Login - Security Protection Anomalies - Weak Password Protection - IP Blacklist - Malicious IP Access Remediation Solutions 1. SQL Injection Vulnerability (2024-07-18, v10.64.1) Vulnerability Description: This addresses cases where vulnerabilities were still detected after upgrading to the 10.64.1 patch for the WorkflowServiceXml SQL injection issue. (Note: The report indicates that the cause was the POC using for testing; this syntax was allowed for business system compatibility, resulting in a false positive.) Remediation Advice: Upgrade to v10.64.1 or higher Check if the business system uses bypass techniques such as Use parameterized queries or strict filtering for SQL injection points 2. XSS Injection Vulnerability (2023-07-11, v10.58.1) Vulnerability Description: Fixed XXE injection vulnerability (Note: The title says XXE, but the description refers to XSS). Remediation Advice: Upgrade to v10.58.1 or higher Perform HTML entity encoding on user input Enable CSP (Content Security Policy) strategies 3. Database Connection Pool Leakage (2023-05-15, v10.57.2) Vulnerability Description: Fixed issues where database connection pool leakage occurred in some environments after upgrading to the 10.57 patch, as well as performance issues under high concurrency. Remediation Advice: Upgrade to v10.57.2 or higher Check database connection pool configuration Monitor connection pool usage 4. File Preview Failure (2023-04-20, v10.57.1) Vulnerability Description: Fixed the issue where docx file previews failed after upgrading to the 10.57 patch for E9. Remediation Advice: Upgrade to v10.57.1 or higher Check file preview component configuration 5. Other Security Fixes (2024-07-02, v10.75/v10.11) Vulnerability Description: Based on attack intelligence from July 1st, malicious IPs were added to the blacklist. Remediation Advice: Enable the IP blacklist feature Regularly update the malicious IP list Monitor abnormal access behavior 6. Weak Password Protection (2024-12-04, v10.72) Vulnerability Description: Added protection against attacks from overseas IPs and weak passwords for the account. Remediation Advice: Enable weak password detection Restrict login for the account Configure IP access policies 7. Security Protection Anomalies (2024-12-04, v10.72) Vulnerability Description: Fixed security protection anomaly issues. Remediation Advice: Upgrade to v10.72 or higher Check security protection configuration 8. System Cache Issues (2025-04-10, v10.74) Vulnerability Description: Fixed the issue where E8 personnel cards could not be opened; fixed potential system cache issues in E8/E9. Remediation Advice: Upgrade to v10.74 or higher Clear system cache Check personnel card configuration 9. IP Blacklist (2025-04-09, v10.74) Vulnerability Description: Added an IP blacklist library to block access behavior from known malicious IPs to the system. Remediation Advice: Enable the IP blacklist feature Regularly update the malicious IP list Monitor abnormal access behavior 10. Malicious IP Blacklist Download (2025-06-16, v10.75) Vulnerability Description: Added the ability to download the malicious IP blacklist. Remediation Advice: Enable the malicious IP blacklist download feature Regularly update the malicious IP list POC Code / Exploit Code No specific POC code or exploit code was provided on the page, only the mention: "The cause was the POC using for testing" (2024-07-18) Other Security Recommendations 1. Regular Patch Updates: It is recommended to upgrade to the latest version in a timely manner to obtain the latest security fixes. 2. Enable Security Protection: Enable features such as IP blacklisting, weak password protection, and security protection. 3. Monitor Abnormal Behavior: Monitor system logs and handle abnormal access behavior promptly. 4. Configure Security Policies: Configure reasonable access control policies to restrict sensitive operations. 5. Regular Security Assessments: Conduct regular security assessments and penetration tests to identify potential risks.

Goal Reached Thanks to every supporter — we hit 100%!

Weaver Ecology OA v10.57-10.79 Security Update Log: SQLi, XSS, Auth Bypass