DEV Community

Sharon

Critical SQL Injection Vulnerability in Weaver e-cology OA: What You Need to Know

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Weaver e-cology OA is a widely used enterprise collaboration platform developed by Weaver Network Technology, covering HR, finance, administration, and mobile office scenarios.

Recently, a critical SQL injection vulnerability was discovered in Weaver e-cology. Although Weaver has released official patches, many public-facing systems remain unpatched and vulnerable to exploitation.


Vulnerability Overview

The root cause is missing input validation combined with a lack of query parameterization: user-supplied request data is concatenated directly into SQL statements, so an attacker who controls that data can change the structure of the query and execute arbitrary SQL against the backend database. This makes it possible to read or tamper with sensitive business data stored by the OA system.
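The concatenation pattern described above, as an added example that is not code from Weaver e-cology or from the original post. The `staff` table, the `id` request parameter and the sample rows are constructed for illustration only; the point is the contrast between splicing the parameter into the SQL text and binding it as a query parameter. SQLite is used so the example runs offline with the Python standard library.

```python
"""Generic illustration of the SQL injection pattern described above.

Added example, not Weaver e-cology code: the table, column names and sample
rows are constructed for this demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a few constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (id INTEGER, name TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO staff VALUES (?, ?, ?)",
        [(1, "alice", 5000), (2, "bob", 6000), (3, "carol", 7000)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str):
    """The flawed pattern: the request parameter is spliced into the SQL text.

    A value such as "0 OR 1=1" turns a single-row lookup into a full dump,
    because the attacker's text becomes part of the WHERE clause.
    """
    sql = "SELECT name, salary FROM staff WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, user_id: str):
    """Parameterised query: the driver passes the value separately from the SQL.

    The same payload is now compared against the id column as a literal value
    and never interpreted as SQL, so it simply matches no rows.
    """
    return conn.execute(
        "SELECT name, salary FROM staff WHERE id = ?", (user_id,)
    ).fetchall()


def lookup_strict(conn: sqlite3.Connection, user_id: str):
    """Defence in depth: reject anything that is not a plain integer before it
    reaches the database at all, then use the parameterised query."""
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    return lookup_hardened(conn, user_id)


if __name__ == "__main__":
    db = make_db()
    payload = "0 OR 1=1"  # constructed injection payload
    print("vulnerable:", lookup_vulnerable(db, payload))  # all three rows
    print("hardened:  ", lookup_hardened(db, payload))    # []
    try:
        lookup_strict(db, payload)
    except ValueError as exc:
        print("strict:    ", exc)
```

The official patch closes the injection in the product itself; the hardened and strict variants show what that fix has to look like in any application that builds SQL from request data.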


Detection Tools

To help defenders quickly identify whether their systems are affected, two tools are available:

1. X-POC Remote Scanner

Lightweight remote detection utility.

xpoc -r 400 -t http://target.com

2. CloudWalker Local Scanner

Run locally for safe, non-intrusive scanning:

weaver_ecology_sqli_scanner_windows_amd64.exe

Affected Versions

  • Weaver e-cology 9 (some versions)

Mitigation & Patching

  • Temporary Workaround: Restrict network access to the OA system (for example, reachable only from the corporate network or VPN). Do not expose it directly to the internet unless absolutely necessary. This limits exposure but does not remove the vulnerability.
  • Permanent Fix: Apply the official patch package released by Weaver. It supports both online and offline installation; download it from the Weaver Security Center.

Product Support

Several security products have already added detection or protection for this vulnerability:

  • Yuntu: Fingerprint recognition + PoC-based detection.
  • Dongjian: Engine update scheduled for July 11.
  • SafeLine WAF: Virtual patch released, blocks exploitation attempts in real-time.
  • Quanxi: Rule package update available.
  • CloudWalker: Management Platform ≥ 23.05.001 can install the EMERVULN-23.07.010 update to detect this vulnerability.

Timeline

  • July 7 — Vulnerability intelligence obtained
  • July 10 — Analysis & reproduction by Chaitin Emergency Response Lab
  • July 11 — Official security advisory published

Final Thoughts

SQL injection is one of the oldest yet most dangerous vulnerability classes out there. If you're running Weaver e-cology OA, patch immediately. A Web Application Firewall (like SafeLine WAF) adds virtual patching that blocks exploitation attempts in real time while you roll out the official fix, and provides longer-term protection against similar HTTP-layer attacks; it is a compensating control, not a replacement for the patch.

Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.