CVE-2022-50993 -- CVSS 9.8 Vulnerability Briefing
CVE-2022-50993 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2022-50993 is an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint of Weaver (Fanwei) E-office, affecting all versions prior to 10.0_20221201.
Technical Detail
The flaw exists in the OfficeServer.php endpoint, which fails to enforce authentication or adequate file type validation before accepting uploaded content. A remote, unauthenticated attacker can submit a malicious file, such as a web shell, directly to this endpoint without any prior credentials or session context. Successful exploitation results in remote code execution (RCE) on the underlying server, granting the attacker the ability to execute arbitrary commands at the privilege level of the web server process.
Exploitation Status
No known public exploit code has been confirmed at this time, and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploit maturity is currently assessed as "no known exploit". However, the vulnerability class (unauthenticated file upload leading to RCE) is well understood and straightforward to weaponize, which lowers the practical barrier to exploitation if details become more widely available.
Who Is Targeting This
No specific threat actor attribution has been confirmed at this time. Weaver E-office is a widely deployed enterprise office automation platform primarily used by organizations in China, which may attract interest from actors targeting that region or its supply chain. No campaigns or sector-specific targeting have been documented in available intelligence.
What To Do
Organizations running Weaver E-office should upgrade to version 10.0_20221201 or later immediately, as this is the vendor-confirmed remediated release. If patching cannot be applied immediately, restrict external network access to the OfficeServer.php endpoint via web application firewall rules or network-layer controls, and ensure the endpoint is not exposed to untrusted networks. Detection efforts should focus on anomalous POST requests to OfficeServer.php, unexpected file creation in web-accessible directories, and new process execution originating from the web server process. Given the critical CVSS score of 9.8 and the unauthenticated nature of the flaw, patching should be treated as high priority regardless of current exploitation status.
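One way to run the first two detection checks above over web server access logs, as an added example that is not part of the original briefing or any vendor guidance. It assumes common/combined-format access logs and treats a script path served for the first time after a POST to OfficeServer.php as a proxy for unexpected file creation; `hunt`, `parse` and `SCRIPT_EXT` are hypothetical names, and the sample lines, paths and addresses are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SCRIPT_EXT = (".php", ".phtml", ".phar")  # assumption: extensions the server executes


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    # Normalise percent-encoding and case before matching on the path.
    path = unquote(urlsplit(m["target"]).path).lower()
    return m["ip"], m["ts"], m["method"], path, int(m["status"])


def hunt(lines):
    """Scan time-ordered log lines; return (upload_posts, first_seen_scripts)."""
    seen, posts, new_scripts = set(), [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method == "POST" and path.rsplit("/", 1)[-1] == "officeserver.php":
            posts.append((ts, ip, status))
        elif posts and status == 200 and path.endswith(SCRIPT_EXT) and path not in seen:
            # Script served for the first time only after an upload POST:
            # candidate for a newly created file in a web-accessible directory.
            new_scripts.append((ts, ip, path))
        seen.add(path)
    return posts, new_scripts


# Constructed sample lines; paths and addresses are placeholders, not indicators.
SAMPLE = [
    '10.0.0.5 - - [01/Dec/2022:09:00:01 +0800] "GET /app/index.php HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Dec/2022:09:00:07 +0800] "GET /app/login.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Dec/2022:09:14:22 +0800] "POST /app/OfficeServer.php HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Dec/2022:09:14:30 +0800] "GET /app/uploads/new1.php HTTP/1.1" 200 12',
    '10.0.0.5 - - [01/Dec/2022:09:20:00 +0800] "GET /app/index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    posts, new_scripts = hunt(SAMPLE)
    print("POSTs to OfficeServer.php:", posts)
    print("Scripts first seen afterwards:", new_scripts)
```

The `seen` baseline is built from the log itself, so include enough history before the window of interest; otherwise long-standing scripts will be reported as first-seen. Findings are leads for triage and should be paired with file-system and process telemetry from the host.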