Hillstone Networks

RULE（RULE ID：333390）

Rule General Information


Release Date:		2021-04-01

Rule Name:		Yonyou GRP-U8 SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Yonyou GRP-U8R10 administrative business financial management software is a new generation product launched by UFIDA focusing on national e-government business based on cloud computing technology. It is the most professional government financial management software in the field of administrative business finance in my country. Yonyou GRP-U8/Proxy url exists sql injection vulnerability. This vulnerability is caused by inadequate verification of input parameters. An attacker can inject malicious SQL statements into applications to perform unauthorized operations, resulting in information leakage and obtaining server permissions.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.