CVE-2022-50993
Published 2026-04-30
Priority P188 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.77% (51.1th percentile)
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weaver_network_co_ltd | e-office | < 10.0_20221201 | 10.0_20221201 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vulncheck | | 9.3 | CRITICAL | |
GHSA
GHSA-g99j-cq2q-3xrv: Weaver (Fanwei) E-office versions prior to 10
ghsa_unreviewed·2026-04-30
CVE-2022-50993 [CRITICAL] CWE-434 GHSA-g99j-cq2q-3xrv: Weaver (Fanwei) E-office versions prior to 10
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).
VulDB
Weaver E-office up to 10.0_20221200 OfficeServer.php unrestricted upload
vuldb·2026-04-30·CVSS 9.3
CVE-2022-50993 [CRITICAL] Weaver E-office up to 10.0_20221200 OfficeServer.php unrestricted upload
A vulnerability, which was classified as critical, was found in Weaver E-office up to 10.0_20221200. The impacted element is an unknown function of the file OfficeServer.php. Executing a manipulation can lead to unrestricted upload.
The identification of this vulnerability is CVE-2022-50993. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
VulnCheck
Unrestricted Upload of File with Dangerous Type
vulncheck·2022·CVSS 9.3
CVE-2022-50993 [CRITICAL] Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).
Affected: Weaver Network Co., Ltd. E-office
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-30
Exploited in the wild