RULE(RULE ID:338167)

Rule General Information
Release Date: 2024-06-25
Rule Name: Yonyou GRP-U8 userInfoWeb SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou GRP-U8 Administrative and Public Financial Management Software is a new-generation product launched by Yonyou Corporation, focusing on the national electronic government affairs sector. It is the most professional government financial management software in China's administrative and financial field, based on cloud computing technology. The Yonyou GRP-U8 userInfoWeb interface does not effectively filter the value of the userId parameter, which allows attackers to perform SQL injection through that parameter.
Impact: By successfully exploiting the vulnerability, an attacker can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Contact the software vendor to obtain and apply the software patch.