RULE(RULE ID:338062)

Rule General Information
Release Date: 2024-06-04
Rule Name: Yonyou Chanjet T+ InitServerInfo.aspx SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou Chanjet T+is a comprehensive enterprise management software that covers multiple fields such as finance, supply chain, production and manufacturing, helping enterprises achieve information management and business process optimization. An SQL injection vulnerability exists in the InitServerInfo.aspx interface of T+, which can be exploited to execute malicious commands.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.