RULE(RULE ID:338542)

Rule General Information
Release Date: 2024-11-13
Rule Name: Topvision Yibao OA ExecuteQueryNoneResult SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yibao OA is an enterprise-level office automation system designed to help enterprises achieve efficient collaborative work and business process management. It provides a range of tools, including but not limited to process approval, document management, scheduling, collaborative office and personnel management, as an integrated solution for enterprises. Yibao OA has a SQL injection vulnerability: the ExecuteQueryNoneResult interface does not effectively filter user input, so a malicious attacker can inject SQL through string concatenation.
Impact: By successfully exploiting the vulnerability, an attacker can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.