|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-01-07 | |
| Rule Name: | Yonyou U8-Cloud ReleaseRepMngAction SQL Injection Vulnerability | |
| Severity: | Critical | |
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou U8-Cloud is Yonyou's cloud-based ERP software that provides enterprises with flexible and scalable cloud-based enterprise resource planning solutions. There is a SQL injection vulnerability in Yonyou U8-Cloud ReleaseRepMngAction endpoint. An unauthenticated malicious attacker can use the SQL injection vulnerability to obtain information in the database and even write commands to the server with high permission to obtain the system permission of the server. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |