RULE(RULE ID:333593)

Rule General Information
Release Date: 2021-05-28
Rule Name: Yonyou U8 OA test.jsp SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou GRP-U8R10 administrative business financial management software is a new generation product launched by UFIDA focusing on national e-government business based on cloud computing technology. It is the most professional government financial management software in the field of administrative business finance in my country. When the user can control the parameters in the command execution function, malicious system commands can be injected into normal commands, causing command execution attacks
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows
Reference:
Solutions
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.