Recent cybersecurity reports have highlighted the exploitation of two severe vulnerabilities affecting MetInfo and Weaver E-cology. These vulnerabilities enable attackers to remotely execute arbitrary code without needing authentication, posing significant risks to affected systems.
MetInfo CMS Vulnerability
MetInfo, a popular enterprise content management system (CMS) built on PHP and MySQL, is affected by a critical security flaw tracked as CVE-2026-29014. The flaw, which has a CVSS score of 9.8, was disclosed in early April. Because input is not properly neutralized, attackers can inject PHP code, leading to remote code execution and server takeover.
According to VulnCheck, the exploitation of this vulnerability began last week, with a notable increase in activity over the weekend, primarily targeting servers located in Singapore. Approximately 2,000 MetInfo instances are accessible online, mostly within China.
Weaver E-cology Exploitation
Weaver E-cology, a widely used office automation and collaboration tool in China, has also been targeted. The vulnerability, tracked as CVE-2026-22679, has a CVSS score of 9.3. It involves exposed debug functionality that can be exploited via specially crafted POST requests, allowing arbitrary command execution.
Patches for this vulnerability were issued on March 12, but exploitation attempts were detected shortly thereafter. Attackers used ping callbacks to probe for the vulnerability and delivered payloads through the debug endpoint, using it as a shell for command execution.
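The following Python log check is an added example, not code from the article, VulnCheck or Weaver: it flags clients that POST to a debug endpoint and marks bursts that resemble the shell-style use described above. The endpoint path is a placeholder because the article does not name it; the combined access-log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Placeholder: the article does not name the debug endpoint. Replace with the
# path from the vendor advisory for your deployment.
DEBUG_PATH_PREFIX = "/PLACEHOLDER/debug"
BURST = 3                      # assumed threshold: this many POSTs from one client ...
WINDOW = timedelta(minutes=5)  # ... inside this window counts as shell-like use

# Combined access-log format (assumed): ip, timestamp, request line, status.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Mar/2026:02:10:01 +0800] "POST /PLACEHOLDER/debug/run HTTP/1.1" 200 57',
    '198.51.100.7 - - [14/Mar/2026:02:10:40 +0800] "POST /PLACEHOLDER/debug/run HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/Mar/2026:02:12:05 +0800] "POST /placeholder/debug/run?x=1 HTTP/1.1" 200 90',
    '192.0.2.15 - - [14/Mar/2026:02:13:00 +0800] "GET /PLACEHOLDER/debug/run HTTP/1.1" 404 12',
    '192.0.2.15 - - [14/Mar/2026:02:13:30 +0800] "POST /login HTTP/1.1" 200 840',
    '203.0.113.9 - - [14/Mar/2026:03:00:00 +0800] "POST /PLACEHOLDER/debug/run HTTP/1.1" 403 20',
]

def find_debug_posts(lines):
    """Map client IP -> POST count to the debug path, 2xx count, burst flag."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].lower()  # ignore query string and case
        if path.startswith(DEBUG_PATH_PREFIX.lower()):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            per_ip[m["ip"]].append((ts, int(m["status"])))
    report = {}
    for ip, hits in per_ip.items():
        times = sorted(t for t, _ in hits)
        burst = any(times[i + BURST - 1] - times[i] <= WINDOW
                    for i in range(len(times) - BURST + 1))
        report[ip] = {"hits": len(hits),
                      "served": sum(200 <= s < 300 for _, s in hits),
                      "burst": burst}
    return report

if __name__ == "__main__":
    for ip, info in find_debug_posts(SAMPLE_LOG).items():
        print(ip, info)
```

On a patched system the debug path should not answer at all, so any client with a non-zero `served` count is worth investigating even without a burst.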
Response and Mitigation
The recent surge in exploitation attempts underscores the necessity for immediate action. Organizations using MetInfo and Weaver E-cology should apply security patches without delay to mitigate these vulnerabilities. Continuous monitoring and adopting robust cybersecurity practices are essential to safeguard against such threats.
As cyber threats evolve, staying informed and proactive is crucial. Regular updates and vigilance can help prevent exploitation and protect sensitive data from malicious actors.
