RULE(RULE ID:338115)

Rule General Information
Release Date: 2024-06-11
Rule Name: Yonyou NC65 avatar File Upload Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou Software Co., LTD., a leading enterprise management software and cloud service provider in China, has a file upload vulnerability in Yonyou NC6.5. The attacker constructs a malicious request by illegally calling the avatar interface to upload the webshell to achieve arbitrary file upload.
Impact: Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.