CVE-2023-3793

MEDIUM EXPLOITED

Weaver e-cology < 10.58.0 - SQL Injection via fileid Parameter in filelFileDownloadForOutDoc.class

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-3793 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql injection. Upgrading to version 10.58.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-235061 was assigned to this vulnerability.

References (2)

Core 2
Core References
Permissions Required, Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.235061
Permissions Required, Third Party Advisory signature
https://vuldb.com/?ctiid.235061

Scores

CVSS v3 5.5
EPSS 0.0042
EPSS Percentile 34.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2026-04-26
CWE
CWE-89
Status published
Products (1)
weaver/e-cology < 10.58.0
Published Jul 20, 2023
Tracked Since Feb 18, 2026