|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-10-09 | |
| Rule Name: | Yonyou U8 leadconversion.php SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou U8 is an enterprise resource planning (ERP) software designed specifically for growing enterprises, providing comprehensive information solutions. There is an SQL injection vulnerability in the leadconversion.fhp system of Yonyou U8+CRM. An unauthenticated attacker can use this vulnerability to execute arbitrary SQL statements, call xp_cmdshell to write backdoor files, execute arbitrary code, and gain server privileges. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |