|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-11-13 | |
| Rule Name: | Yonyou U8-Cloud approveservlet SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou U8 Cloud is Yonyou's cloud-based ERP software that provides enterprises with flexible and scalable cloud-based enterprise resource planning solutions. The Yonyou U8 Cloud approveservlet endpoint does not filter parameters entered by users, resulting in SQL injection vulnerability, which can be used by attackers to read and tamper with sensitive database information. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |