CVE-2022-50992
Deferred Deferred - Pending Action
Arbitrary File Read in Weaver E-cology 9.5

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50992
EUVD
EUVD-2022-55964
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
weaver e-cology to 10.52 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated remote attackers to read arbitrary files, including sensitive system configuration files and database credentials. This exposure of sensitive information could lead to unauthorized access to personal or protected data, potentially violating data protection regulations such as GDPR and HIPAA.

Since attackers can retrieve sensitive files without authentication, organizations using affected versions of Weaver E-cology may face increased risk of data breaches, which can result in non-compliance with standards requiring confidentiality and integrity of personal and sensitive information.

Mitigation through patching (upgrading to version 10.52 or later) and following security best practices as outlined in Weaver's security updates is critical to maintaining compliance and reducing the risk of regulatory penalties.

Detection Guidance

This vulnerability can be detected by attempting to access the XmlRpcServlet interface on Weaver E-cology versions prior to 10.52, specifically targeting the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods to see if arbitrary files can be read without authentication.

A practical detection approach involves sending crafted HTTP requests to the XML-RPC endpoint to check if the server responds with file contents when file paths are supplied to these methods.

Example commands using curl to test for the vulnerability might include:

  • curl -X POST -H "Content-Type: text/xml" --data '<methodCall><methodName>WorkflowService.getAttachment</methodName><params><param><value><string>/etc/passwd</string></value></param></params></methodCall>' http://target-server/XmlRpcServlet
  • curl -X POST -H "Content-Type: text/xml" --data '<methodCall><methodName>WorkflowService.LoadTemplateProp</methodName><params><param><value><string>/etc/passwd</string></value></param></params></methodCall>' http://target-server/XmlRpcServlet

If the server returns the contents of the specified file (e.g., /etc/passwd), it indicates the presence of the vulnerability.

Executive Summary

CVE-2022-50992 is an unauthenticated arbitrary file read vulnerability found in Weaver (Fanwei) E-cology versions prior to 10.52. It exists in the XmlRpcServlet interface at the XML-RPC endpoint, specifically in the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods.

This vulnerability allows remote attackers to read arbitrary files on the server without needing to authenticate by supplying file paths to these methods.

Attackers can exploit this flaw to retrieve sensitive files such as system configuration files and database credentials, potentially compromising the server.

Impact Analysis

This vulnerability can have serious impacts as it allows unauthenticated remote attackers to access sensitive files on the affected server.

  • Exposure of system configuration files which may reveal internal system details.
  • Disclosure of database credentials that could lead to further unauthorized access or data breaches.

Such unauthorized access can compromise the confidentiality and security of the affected system and its data.

Mitigation Strategies

To mitigate the CVE-2022-50992 vulnerability in Weaver E-cology versions prior to 10.52, you should immediately upgrade your system to version 10.52 or later, where the vulnerability has been patched.

Before upgrading, ensure you perform offsite and off-media backups of your applications and databases.

After upgrading, follow any post-upgrade instructions such as accessing specific URLs to initialize data as required by the update.

Additionally, restrict exposure of unnecessary ports to the internet, allowing only essential ports like 80, 89, and 8088, and prohibit exposing remote desktop ports such as 3389 and 22.

Verify the integrity of downloaded patches by checking MD5 checksums.

If your system uses microservices like ESearch, restrict access to sensitive ports (e.g., 8099, 2098, 8090, 9300, 20981) to prevent internet exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50992. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart