|
|
|||
| Rule General Information |
|---|
| Release Date: | 2023-08-22 | |
| Rule Name: | Mingyuanyun ERP ApiUpdate.ashx Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | There is an arbitrary file upload vulnerability in the ApiUpdate.ashx file, which is the interface manager of Mingyuanyun ERP system. Attackers can upload arbitrary files and control the server by constructing a special ZIP compression package. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |