|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-12-10 | |
| Rule Name: | Yonyou U8 CRM getDepName SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou U8 is an enterprise resource planning (ERP) software designed specifically for growing enterprises, providing comprehensive information solutions. There is an SQL injection vulnerability exists in the system. An unauthenticated attacker could execute arbitrary SQL statements through the vulnerability, which may result in the disclosure of sensitive information and even gain system privileges on the server. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |