|
|||
Rule General Information |
---|
Release Date: | 2021-05-28 | |
Rule Name: | Yonyou NC Cloud FS File management SQL Injection Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Yonyou NC Cloud is a new generation of Cloud ERP products, providing hybrid cloud solutions for growing, large and giant conglomerates. The Yonyou NC Cloud FS file management server has SQL injection vulnerability, which is caused by insufficient verification of input parameters. An attacker can gain server permissions by injecting malicious SQL statements into an application, performing unauthorized operations, resulting in information disclosure. | |
Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
Affected OS: | Windows | |
Reference: | ||
Solutions |
---|
Please contact the software vendor to update the software patch. |