|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-01-07 | |
| Rule Name: | Yonyou NC-Cloud getStaffInfo SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou NC-Cloud is an Enterprise Resource Planning (ERP) system developed by Yonyou. Its getStaffInfo endpoint has SQL Injection Vulnerability. An unauthenticated malicious attacker can use the SQL injection vulnerability to obtain information in the database and even write commands to the server with high permission to obtain the system permission of the server. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |