CVE-2022-50992 in e-cology: Information

Summary

by MITRE • 2026-04-30

Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).

Responsible

VulnCheck

Reserved

2026-04-29

Disclosure

2026-04-30

Moderation

accepted

Entry

VDB-360339

CPE

ready

EPSS

0.00156

KEV

no

Activities

very low

Sources