CVE-2025-34038
Published 2025-06-24
Priority: P1 · 79 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.84% (76.3th percentile)
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_etcd_3.5.9-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kubernetes_1.28.7-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_moby-engine_25.0.3-13_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| weaver | e-cology | <= 8.0 | — |
Detection & IOCs
- Detect exploitation attempts by monitoring GET requests to /js/hrm/getdata.jsp with the parameter cmd=getSelectAllId and a user-supplied sql= parameter value.
- A numeric multiplication canary (547653*865674) is used in the PoC payload; the response body containing '474088963122' confirms successful SQL injection execution.
- The vulnerability is exploitable by unauthenticated attackers; no session or authentication token is required. Alert on any unauthenticated access to getdata.jsp with a sql= query parameter.
- Active exploitation in the wild was confirmed by the Shadowserver Foundation on 2025-02-05 UTC; treat any hits on this endpoint as high-priority.
- Use the FOFA fingerprint 'app="泛微-协同办公OA"' to identify internet-exposed Fanwei e-cology OA instances for proactive asset discovery and patching prioritization.
- The vulnerability is specific to Fanwei e-cology version 8.0; other versions may or may not be affected and should be tested independently.
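The request-side checks in the list above can be run as a filter over web access logs. The following is an added example, not taken from the advisories or the Nuclei template: it assumes combined-format access logs, and the sample lines, documentation-range IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client IP, request target and status from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

ENDPOINT = "/js/hrm/getdata.jsp"   # path named in the detection guidance
CANARY = "547653*865674"           # multiplication canary named on the page


def classify(line):
    """Return None for unrelated requests, else a dict describing the hit."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if unquote(url.path).lower() != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so encoded variants are normalised here.
    params = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if "sql" not in params:
        return None                # endpoint touched, but no sql= parameter supplied
    cmd = params.get("cmd", [""])[0]
    return {
        "ip": m["ip"],
        "status": int(m["status"]),
        "cmd_match": cmd.lower() == "getselectallid",
        "canary": any(CANARY in v.replace(" ", "") for v in params["sql"]),
    }


def scan(lines):
    """Collect every hit so each one can be raised as a high-priority alert."""
    return [hit for hit in map(classify, lines) if hit is not None]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2025:10:00:01 +0000] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=CONSTRUCTED%20547653*865674 HTTP/1.1" 200 64',
    '203.0.113.9 - - [05/Feb/2025:10:00:05 +0000] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=CONSTRUCTED HTTP/1.1" 200 12',
    '198.51.100.4 - - [05/Feb/2025:10:00:09 +0000] "GET /js/hrm/getdata.jsp?cmd=other HTTP/1.1" 200 12',
    '198.51.100.4 - - [05/Feb/2025:10:00:12 +0000] "GET /index.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs do not record response bodies, so the '474088963122' confirmation has to be checked in a proxy or WAF capture; a hit with `canary` set indicates scanner-style probing rather than confirmed execution.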
CVSS provenance
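| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vulncheck | — | 8.7 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |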
GHSA
GHSA-3464-wq8g-r9gp: A SQL injection vulnerability exists in Fanwei e-cology 8
ghsa_unreviewed·2025-06-26
CVE-2025-34038 [HIGH] CWE-89
A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.
VulnCheck
weaver e-cology Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2025·CVSS 8.7
CVE-2025-34038 [HIGH]
Affected: Fanwei e-cology
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitig
Microsoft
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
vendor_msrc·2023-08-08·CVSS 7.5
CVE-2022-34038 [HIGH] CWE-787
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
No detection rules found.
Nuclei
Fanwei e-cology - SQL Injection
nuclei·CVSS 8.7
CVE-2025-34038 [HIGH]
Fanwei e-cology 8.0 contains a sql injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data.
Template:
```yaml
id: CVE-2025-34038
info:
  name: Fanwei e-cology - SQL Injection
  author: ritikchaddha
  severity: high
  description: |
    Fanwei e-cology 8.0 contains a sql injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL queries, potentially exposing sensitive data including administrator password hashes.
  remediation: |
    Update to the latest version of Fanwei e-cology.
  reference:
    - htt
```
No writeups or analysis indexed.