CVE-2022-50993
Deferred Deferred - Pending Action
Unauthenticated Arbitrary File Upload in Weaver E-Office

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50993
EUVD
EUVD-2022-55965
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
weaver e-office to 10.0_20221201 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50993 is an unauthenticated arbitrary file upload vulnerability in Weaver (Fanwei) E-office versions prior to 10.0_20221201. It exists in the OfficeServer.php endpoint, allowing remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types.

Attackers can upload PHP webshells to the Document directory and then execute them via HTTP GET requests, which leads to remote code execution with the privileges of the web server user.

Impact Analysis

This vulnerability allows attackers to gain unauthorized access to the affected system by uploading and executing malicious files such as PHP webshells.

Exploitation can lead to remote code execution, enabling attackers to take control of the server, access sensitive data, modify or delete files, and potentially use the compromised server as a foothold for further attacks.

Because the attack requires no authentication or administrator privileges, it poses a severe security threat to organizations using vulnerable versions of Weaver E-office.

Detection Guidance

This vulnerability can be detected by monitoring for unusual multipart POST requests to the OfficeServer.php endpoint that include arbitrary filenames and disguised content types. Specifically, look for attempts to upload PHP files or webshells to the Document directory.

Commands to detect exploitation attempts might include inspecting web server logs for suspicious POST requests or scanning the Document directory for unexpected PHP files.

  • Use tools like grep to search web server access logs for POST requests to OfficeServer.php, e.g.:
  • grep 'POST /OfficeServer.php' /var/log/apache2/access.log
  • Check for recently created or modified PHP files in the Document directory, e.g.:
  • find /path/to/Document -name '*.php' -mtime -7
  • Use network monitoring tools to detect multipart POST requests with suspicious content types targeting OfficeServer.php.
Mitigation Strategies

Immediate mitigation steps include updating the Weaver E-office system to version 10.0_20221201 or later, which contains the fix for this vulnerability.

If an update is not immediately possible, restrict access to the OfficeServer.php endpoint to trusted IP addresses or through firewall rules to prevent unauthorized file uploads.

Additionally, monitor and remove any suspicious PHP files in the Document directory and review server logs for signs of exploitation.

Applying security patches and following vendor recommendations is critical to prevent remote code execution attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50993. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart