> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
A critical SQL injection vulnerability has been discovered in Weaver e-cology, a popular enterprise collaboration platform used for HR, finance, administration, and mobile workflows.
In July 2024, Weaver released a patch addressing this high-risk issue. Attackers can exploit the vulnerability without authentication, making it essential for all affected organizations to upgrade immediately.
Vulnerability Overview
Root Cause
The vulnerability is in the WorkflowServiceXml component of e-cology. The root cause is insufficient input validation: user-supplied input is concatenated directly into SQL statements, so a crafted value changes the meaning of the query and enables injection.
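To make the defect class concrete, here is an added example (not e-cology's code, and not from Chaitin): the same query written the vulnerable way and the fixed way, run against an in-memory SQLite database with constructed rows. The table and column names are assumptions and have no relation to e-cology's real schema; the point is only that a value containing a quote rewrites the concatenated statement but is inert as a bound parameter.

```python
"""Added example, not code from e-cology or SafeLine.

Shows why concatenating untrusted input into SQL is exploitable and how a
parameterised query closes the hole. Schema and data are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway database with constructed sample rows (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE workflow_request (id INTEGER, owner TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO workflow_request VALUES (?, ?, ?)",
        [(1, "alice", "Leave request"),
         (2, "bob", "Expense claim"),
         (3, "carol", "Salary review")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    """The bug pattern: untrusted input spliced straight into the statement text."""
    sql = "SELECT id, owner, title FROM workflow_request WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, owner: str) -> list:
    """The fix: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT id, owner, title FROM workflow_request WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def demo() -> dict:
    """Row counts for a normal value and for a constructed value containing a quote."""
    conn = make_db()
    benign = "alice"
    hostile = "alice' OR '1'='1"   # constructed: turns the WHERE clause into a tautology
    return {
        "vulnerable_benign": len(lookup_vulnerable(conn, benign)),   # 1 row
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),  # every row leaks
        "fixed_benign": len(lookup_fixed(conn, benign)),              # 1 row
        "fixed_hostile": len(lookup_fixed(conn, hostile)),            # 0 rows: literal match only
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

The only change between the two lookups is where the value goes: as part of the statement string, the database parser sees the quote; as a parameter, the driver sends it out of band and the parser never does. That is the whole fix for this bug class, independent of any filtering in front of the application.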
Impact
An attacker could:
- Extract sensitive data from the backend database
- Chain the attack to gain further access or even full system compromise
Risk Summary
- Vulnerability Type: SQL Injection (SQLi)
- Severity Level: High
- Authentication Required: No (exploitable without login)
- Configuration Requirement: Default installation is vulnerable
- User Interaction: None required
- Exploit Status: No public PoC/EXP (as of publication)
- Mass Exploitation Potential: Possible using generic SQLi scanners
- Patch Difficulty: Low — official patch available
Detection
Use X-POC for remote vulnerability testing:
xpoc -r 426 -t http://xpoc.org
- GitHub: https://github.com/chaitin/xpoc
- More info: https://stack.chaitin.com/tool/detail/1036
Affected Versions
Weaver e-cology 9 — Versions before the July 10, 2024 patch
Remediation
Official Fix
Weaver released a patch on July 10, 2024. You can download and apply it (both online and offline methods are supported) from the official security page:
👉 https://www.weaver.com.cn/cs/securityDownload.html?src=cn
Temporary Mitigation (Not Recommended Long-Term)
These steps may reduce exposure but do not fully eliminate the risk:
- Deploy a WAF (e.g., SafeLine WAF) to filter malicious payloads.
- Implement strict URL access controls on exposed endpoints.
- Restrict public access to the e-cology system (if not required externally).
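Of the temporary measures above, the WAF does the filtering for you; the access-control and exposure measures are easier to verify if you can see who is already probing the endpoint. The following is an added example, not SafeLine or Weaver code: a small triage script over web-server access logs (combined format) that counts requests per client address carrying SQL injection indicators against the e-cology endpoint. The advisory names the WorkflowServiceXml component but not its URL path, so the path below is a placeholder to replace with the real one; the log lines are constructed.

```python
"""Added example, not code from SafeLine or Weaver.

Counts, per client address, requests to an e-cology endpoint whose query
string carries SQL injection indicators. Path and log lines are constructed.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# PLACEHOLDER (assumption): substitute the real WorkflowServiceXml URL path.
WATCHED_PATH = "/services/WorkflowServiceXml"

# Indicators typical of generic SQLi scanners: quotes, comment sequences,
# boolean tautologies, UNION SELECT, time-based functions. Case-insensitive.
SQLI_PATTERN = re.compile(
    r"""['";]|--|/\*|\b(?:or|and)\s+\S+\s*=\s*\S+|\bunion\b.*\bselect\b|\bsleep\s*\(|\bwaitfor\b""",
    re.IGNORECASE,
)

# nginx/Apache combined log format, up to the response size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \d+'
)

# Constructed sample log: two probing clients, one ordinary user.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2024:10:01:02 +0000] "POST /services/WorkflowServiceXml HTTP/1.1" 200 512
203.0.113.7 - - [12/Jul/2024:10:01:05 +0000] "GET /services/WorkflowServiceXml?requestid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9031
198.51.100.9 - - [12/Jul/2024:10:02:11 +0000] "GET /services/WorkflowServiceXml?requestid=1%20UNION%20SELECT%20null%2Cnull-- HTTP/1.1" 500 0
192.0.2.44 - - [12/Jul/2024:10:03:00 +0000] "GET /login/Login.jsp HTTP/1.1" 200 2048
192.0.2.44 - - [12/Jul/2024:10:03:09 +0000] "GET /services/WorkflowServiceXml?requestid=42 HTTP/1.1" 200 511
"""


def parse_line(line: str):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    path, _, query = entry["target"].partition("?")
    entry["path"] = path
    entry["query"] = unquote_plus(query)   # decode %27, %20, + before matching
    return entry


def is_suspicious(entry: dict) -> bool:
    """True when the request targets the watched path with SQLi indicators in the query."""
    return entry["path"].startswith(WATCHED_PATH) and bool(SQLI_PATTERN.search(entry["query"]))


def triage(log_text: str) -> Counter:
    """Return a count of suspicious requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits[entry["ip"]] += 1
    return hits


if __name__ == "__main__":
    for ip, count in triage(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} suspicious request(s)")
```

Two caveats a practitioner should keep in mind. First, access logs record only the request line, so a payload sent in a POST body (the usual transport for an XML web service) is invisible here; the first sample line is a POST that the script cannot judge, which is why body inspection by a WAF or request-body logging is needed for real coverage. Second, matching on a bare apostrophe is deliberately noisy for triage; tune the pattern against your own traffic before turning it into a block rule.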
Product Support
| Security Platform | Support Level |
|---|---|
| SafeLine WAF | Detects exploit behavior by default |
| YunTu | Supports product fingerprinting and PoC-based detection by default |
| DongJian | Supports manual PoC testing |
| QuanXi | Will fully support detection in the July 12 update |
Timeline
- July 10, 2024 — Official patch released by Weaver
- July 12, 2024 — Vulnerability analyzed and reproduced by Chaitin Security Lab
- July 12, 2024 — Public advisory published by Chaitin CERT
Final Thoughts
This vulnerability is highly exploitable and affects default installations of Weaver e-cology. Since no authentication is required, attackers can automate mass scans and exploitation easily.
If you're running e-cology in production, patch immediately or place the system behind a properly configured WAF such as SafeLine to prevent abuse.