
CVE-2022-50992

Severity: High · Public PoC

Published: 30 April 2026

Modified: 30 April 2026
KEV Added: not listed
Patch: upgrade to Weaver E-cology 10.52 or later
CVSS v4.0 score: 8.7 (High); vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0070 (48.8th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2022-50992 is a high-severity Path Traversal (CWE-22) vulnerability in Csdn (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 48.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-50992 is an arbitrary file read vulnerability in Weaver (Fanwei) E-cology 9.5 versions prior to 10.52. The flaw exists in the XmlRpcServlet interface at the XML-RPC endpoint, specifically within the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods, which permit attackers to supply file paths and retrieve arbitrary files from the server.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity, no privileges, and no user interaction required. Successful exploitation allows reading of sensitive files, including system configuration files and database credentials, resulting in high confidentiality impact as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and association with CWE-22 (Path Traversal).

Advisories recommend upgrading to Weaver E-cology version 10.52 or later to mitigate the issue, as indicated by the affected version range. Additional details are available in sources such as the vendor's ecology full log at https://www.weaver.com.cn/cs/ecology_full_log.html, VulnCheck advisory at https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-arbitrary-file-read-via-xmlrpcservlet, and CNVD entry at https://www.cnvd.org.cn/flaw/show/CNVD-2022-43245.

Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC), despite the CVE publication date of 2026-04-30.


Vulnerability details

Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).

CWE(s): CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

An unauthenticated remote arbitrary file read via a public XML-RPC endpoint directly enables T1190 (exploitation of a public-facing application); the read itself permits collecting local files (T1005), including files that hold credentials (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36939 (shared CWE-22)
CVE-2026-26217 (shared CWE-22)
CVE-2026-27305 (shared CWE-22)
CVE-2026-30952 (shared CWE-22)
CVE-2026-32847 (shared CWE-22)
CVE-2026-6227 (shared CWE-22)
CVE-2026-30976 (shared CWE-22)
CVE-2025-10897 (shared CWE-22)
CVE-2026-30403 (shared CWE-22)
CVE-2026-30869 (shared CWE-22)

Affected Assets

Csdn (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-assigned)

prevent: Directly remediates the arbitrary file read vulnerability in XmlRpcServlet by applying vendor patches, i.e. upgrading Weaver E-cology to version 10.52 or later.

prevent (SI-10, Information Input Validation): Validates file paths supplied to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods so that path traversal cannot be used to reach files outside the intended storage location.

prevent (AC-14, Permitted Actions Without Identification or Authentication): Precludes unauthenticated access to the sensitive file retrieval functions of the XML-RPC endpoint, limiting the actions permitted without identification or authentication.
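As an added example (not the vendor's code; the real getAttachment signature and storage layout are not on the page, so the handler, directory layout and file names below are hypothetical), the following Python shows how the two controls above, AC-14 and SI-10, combine in a file-retrieval method: the caller must be authenticated, and the supplied path is canonicalised and checked for containment before any file is opened.

```python
"""Hardened attachment lookup for an XML-RPC file-retrieval method.

Added illustration, not Weaver E-cology's code: the real getAttachment
signature and storage layout are not on the page, so this handler is a
hypothetical stand-in that applies the advisory's two named controls,
AC-14 (no unauthenticated access) and SI-10 (validate the supplied path).
"""
import os
import tempfile
from typing import Optional, Tuple

def resolve_attachment_path(base_dir: str, requested: str) -> Optional[str]:
    """Return a canonical path inside base_dir, or None if the request escapes it."""
    if not requested or "\x00" in requested:
        return None
    # Absolute paths and drive-letter / UNC forms are never valid attachment names.
    if os.path.isabs(requested) or os.path.splitdrive(requested)[0]:
        return None
    base = os.path.realpath(base_dir)
    # realpath normalises "." and ".." and resolves symlinks, so a link that
    # points outside base_dir also fails the containment check below.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def get_attachment(authenticated: bool, base_dir: str,
                   requested: str) -> Tuple[str, Optional[bytes]]:
    """Hypothetical handler returning (status, data): authentication first (AC-14),
    then path validation (SI-10), and only then a file read."""
    if not authenticated:
        return ("denied: authentication required", None)
    path = resolve_attachment_path(base_dir, requested)
    if path is None or not os.path.isfile(path):
        return ("denied: invalid attachment path", None)
    with open(path, "rb") as fh:
        return ("ok", fh.read())

def build_demo_store() -> Tuple[str, str]:
    """Construct a throwaway layout: an attachment dir plus a secret file outside it."""
    root = tempfile.mkdtemp(prefix="ecology-demo-")
    att = os.path.join(root, "attachments")
    os.mkdir(att)
    with open(os.path.join(att, "report.txt"), "wb") as fh:
        fh.write(b"legitimate attachment")
    with open(os.path.join(root, "db.properties"), "wb") as fh:
        fh.write(b"constructed secret, must never be returned")
    return root, att
```

Because both the base directory and the candidate are passed through realpath before the containment check, a symlink inside the attachment directory that points elsewhere is rejected just like a "../" sequence.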
