SQL Injection in Weaver E-cology

CVE-2025-34038

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, rea…

Vulnerability class: SQL Injection

EPSS: 0.052 (90.1th percentile) — read the EPSS interpretation.

Affected products

Weaver E-cology — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

www.cnblogs.com/0day-li/p/14637680.html (exploit, technical-description)
www.cnvd.org.cn/flaw/show/CNVD-2021-33202 (third-party-advisory)
weaver.com.co/products/ecology/ (product)
vulncheck.com/advisories/fanwei-ecology-sql-injection (third-party-advisory)