A critical, actively exploited vulnerability in Weaver E-office allows unauthenticated attackers to execute arbitrary code on the host server.

The OfficeServer.php endpoint allows unauthenticated users to upload arbitrary files. By uploading a PHP file, an attacker can achieve remote code execution as the web server user.

With a CVSS score of 9.8, this vulnerability is extremely dangerous. Active exploitation has been observed in the wild since 2022. Successful exploitation gives an attacker full control over the application server, allowing for data theft and further network penetration.

Immediate Action: Update Weaver E-office to version 10.0_20221201 or later immediately.

Proactive Monitoring: Scan servers for unauthorized PHP files in the Document directory and review web server logs for requests to suspicious file paths.

Compensating Controls: Restrict access to OfficeServer.php via firewall rules or WAF policies if immediate patching is not possible.

Public Exploit Available: Yes

This is a critical, high-risk vulnerability with confirmed active exploitation. If your organization is running an affected version, assume compromise and initiate incident response procedures immediately alongside patching.