| Description: | | Yonyon NC is a high-end enterprise ERP software launched by Yonyon Company. It is designed for large enterprises and group enterprises, providing comprehensive core business management functions such as financial management, supply chain management, and human resource management, supporting enterprises' complex business scenarios and high concurrent data processing requirements. SQL injection vulnerability exists in the cartabletimeline interface of the Yonyon NC system. An unauthenticated attacker executes any SQL statement through the vulnerability, calls xp_cmdshell to write a backdoor file, executes any code, and obtains the server permission. |