Unknown · Weaver E-Cology · CVE-2023-3793
**Name of the Vulnerable Software and Affected Versions**
Weaver e-cology versions prior to 10.58.0
**Description**
A critical issue affects the HTTP POST Request Handler component of Weaver e-cology, specifically the file `filelFileDownloadForOutDoc.class`. Manipulating the `fileid` argument with the input `1+WAITFOR+DELAY` leads to SQL injection.
**Recommendations**
Upgrade to version 10.58.0 to address this issue. As a temporary workaround, consider restricting the input for the `fileid` argument in the HTTP POST Request Handler to prevent SQL injection attacks.
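
One way to restrict `fileid` as the temporary workaround suggests, shown as an added example that is not Weaver's code. It assumes a legitimate `fileid` is a positive decimal integer of at most 18 digits; `FileIdValidator` and `parseFileId` are hypothetical names, and the sample values are constructed.

```java
import java.util.OptionalLong;

public class FileIdValidator {
    // Assumption: a legitimate fileid is a positive decimal integer, at most 18 digits.
    private static final int MAX_DIGITS = 18;

    /** Returns the numeric id, or empty if the raw value is anything but ASCII digits. */
    static OptionalLong parseFileId(String raw) {
        if (raw == null || raw.isEmpty() || raw.length() > MAX_DIGITS) {
            return OptionalLong.empty();
        }
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            // Compare against '0'..'9' directly: Character.isDigit() also accepts
            // non-ASCII digits, and Long.parseLong() accepts a leading '+' or '-'.
            if (c < '0' || c > '9') {
                return OptionalLong.empty();
            }
        }
        long id = Long.parseLong(raw); // cannot overflow: 18 digits fit in a long
        return id > 0 ? OptionalLong.of(id) : OptionalLong.empty();
    }

    public static void main(String[] args) {
        // Constructed samples. "1 WAITFOR DELAY" is the advisory's input as it
        // looks after form decoding has turned each '+' into a space.
        String[] samples = {
            "1024", "1+WAITFOR+DELAY", "1 WAITFOR DELAY",
            "+7", "-1", "0", "", "\u0661\u0662", "9999999999999999999"
        };
        for (String s : samples) {
            OptionalLong id = parseFileId(s);
            // A caller would reject the request when the result is empty, and
            // otherwise bind the long with PreparedStatement.setLong(...) instead
            // of concatenating the original string into the SQL text.
            System.out.println("[" + s + "] -> "
                    + (id.isPresent() ? "accept " + id.getAsLong() : "reject"));
        }
    }
}
```

Only the parsed `long` should travel further into the request handling; the original string is discarded once validation has run.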