| Description: | | Yonyon NC is a high-end enterprise ERP software launched by Yonyon Company. It is designed for large enterprises and group enterprises, providing comprehensive core business management functions such as financial management, supply chain management, and human resource management, supporting enterprises' complex business scenarios and high concurrent data processing requirements. SQL injection vulnerability exists in the yerfile_download interface of the Yonyon NC system. An unauthenticated attacker could execute arbitrary SQL statements through the vulnerability, which may result in the disclosure of sensitive information and even gain system privileges on the server. |