CVE-2022-50992
Published: 30 April 2026
Summary
CVE-2022-50992 is a high-severity Path Traversal (CWE-22) vulnerability in Csdn (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2022-50992 is an arbitrary file read vulnerability in Weaver (Fanwei) E-cology 9.5 versions prior to 10.52. The flaw exists in the XmlRpcServlet interface at the XML-RPC endpoint, specifically within the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods, which permit attackers to supply file paths and retrieve arbitrary files from the server.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity, no privileges, and no user interaction required. Successful exploitation allows reading of sensitive files, including system configuration files and database credentials, resulting in high confidentiality impact as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and association with CWE-22 (Path Traversal).
Advisories recommend upgrading to Weaver E-cology version 10.52 or later to mitigate the issue, as indicated by the affected version range. Additional details are available in sources such as the vendor's ecology full log at https://www.weaver.com.cn/cs/ecology_full_log.html, VulnCheck advisory at https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-arbitrary-file-read-via-xmlrpcservlet, and CNVD entry at https://www.cnvd.org.cn/flaw/show/CNVD-2022-43245.
Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC), despite the CVE publication date of 2026-04-30.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-55964
Vulnerability details
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp…
more
methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote arbitrary file read via public XML-RPC endpoint directly enables T1190 exploitation of public-facing app; permits reading local files (T1005) including credentials (T1552.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the arbitrary file read vulnerability in XmlRpcServlet by applying vendor patches such as upgrading Weaver E-cology to version 10.52 or later.
Validates file paths supplied to WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods to prevent path traversal exploitation.
Precludes unauthenticated access to sensitive file retrieval functions in the XML-RPC endpoint, limiting permitted actions without identification or authentication.