RULE(RULE ID:338541)

Rule General Information
Release Date: 2024-11-13
Rule Name: Topvision Yibao OA ExecuteSqlForDataSet SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yibao OA is an enterprise-level office automation system designed to help enterprises achieve efficient collaborative work and business process management. It provides a series of tools, including but not limited to process approval, document management, scheduling, collaborative office, and personnel management, as an integrated solution for enterprises. Yibao OA has a SQL injection vulnerability: the ExecuteSqlForDataSet interface does not effectively filter user input, so a malicious attacker can inject SQL through string concatenation.
Impact: An attacker who successfully exploits the vulnerability can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.