CVE-2025-34038 (GCVE-0-2025-34038)

Vulnerability from cvelistv5 – Published: 2025-06-24 01:06 – Updated: 2026-05-14 02:07 X_Known Exploited Vulnerability
VLAI KEVintel KEV
Title
Weaver E-cology SQL Injection
Summary
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Severity
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Vendor Product Version
Weaver E-cology Affected: 0 , ≤ 8.0 (custom)
Create a notification for this product.
Credits
r1ch4rd_L
KEVintel KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 069fe65c-910a-4cf4-93d2-c1501316a829

Vulnerability ID: CVE-2025-34038

Status: Confirmed

Status Updated: 2026-01-29 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2026-01-29
Asserted: 2026-01-29
Scope
Notes: KEVIntel entry: Weaver E-cology SQL Injection | Affected: Weaver / E-cology | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True
Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details
Feed KEVIntel (kevintel.com)
Title Weaver E-cology SQL Injection
Vendor Weaver
Product E-cology
Added Date 2026-01-29T00:00:00.000Z
Cvss Score 8.7
Epss Score None
Cvss Severity HIGH
Epss Percentile None
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev True
References
Created: 2026-06-19 12:45 UTC | Updated: 2026-06-19 12:45 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34038",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-24T15:50:15.520230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-24T15:50:41.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Web Management Interface (getdata.jsp endpoint)"
          ],
          "product": "E-cology",
          "vendor": "Weaver",
          "versions": [
            {
              "lessThanOrEqual": "8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:weiphp:weiphp:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "r1ch4rd_L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC."
            }
          ],
          "value": "A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T02:07:26.667Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "technical-description"
          ],
          "url": "https://www.cnblogs.com/0day-li/p/14637680.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-33202"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://weaver.com.co/products/ecology/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/fanwei-ecology-sql-injection"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_known-exploited-vulnerability"
      ],
      "title": "Weaver E-cology SQL Injection",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34038",
    "datePublished": "2025-06-24T01:06:35.820Z",
    "dateReserved": "2025-04-15T19:15:22.546Z",
    "dateUpdated": "2026-05-14T02:07:26.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-34038",
      "date": "2026-06-19",
      "epss": "0.01852",
      "percentile": "0.76372"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-34038\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-06-24T02:15:21.667\",\"lastModified\":\"2026-01-27T21:15:56.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A SQL injection vulnerability exists in Weaver e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de inyecci\u00f3n SQL en Fanwei e-cology 8.0 a trav\u00e9s del endpoint getdata.jsp. La aplicaci\u00f3n pasa directamente la entrada de usuario no saneada del par\u00e1metro sql a una consulta de base de datos dentro del m\u00e9todo getSelectAllIds(sql, type), accesible mediante el flujo de trabajo cmd=getSelectAllId en AjaxManager. Esto permite a atacantes no autenticados ejecutar consultas SQL arbitrarias, lo que podr\u00eda exponer datos confidenciales, como hashes de contrase\u00f1as de administrador.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0\",\"matchCriteriaId\":\"9376A923-8E3F-439C-8FD5-34A16A44E065\"}]}]}],\"references\":[{\"url\":\"https://vulncheck.com/advisories/fanwei-ecology-sql-injection\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://weaver.com.co/products/ecology/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.cnblogs.com/0day-li/p/14637680.html\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.cnvd.org.cn/flaw/show/CNVD-2021-33202\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-34038\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T15:50:15.520230Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T15:50:22.286Z\"}}], \"cna\": {\"tags\": [\"x_known-exploited-vulnerability\"], \"title\": \"Weaver E-cology SQL Injection\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"r1ch4rd_L\"}], \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-66 SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Weaver\", \"modules\": [\"Web Management Interface (getdata.jsp endpoint)\"], \"product\": \"E-cology\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cnblogs.com/0day-li/p/14637680.html\", \"tags\": [\"exploit\", \"technical-description\"]}, {\"url\": \"https://www.cnvd.org.cn/flaw/show/CNVD-2021-33202\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://weaver.com.co/products/ecology/\", \"tags\": [\"product\"]}, {\"url\": \"https://vulncheck.com/advisories/fanwei-ecology-sql-injection\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.\\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:weiphp:weiphp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"8.0\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-05-14T02:07:26.667Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-34038\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T02:07:26.667Z\", \"dateReserved\": \"2025-04-15T19:15:22.546Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-06-24T01:06:35.820Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.