Hillstone Networks

RULE（RULE ID：338708）

Rule General Information


Release Date:		2025-02-25

Rule Name:		Realor GWT System GetPwdPolicy SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Ruiyou Tianyi Application Virtualization System is an application virtualization platform with independent intellectual property rights and based on server computing architecture developed by Xi 'an Ruiyou Information Technology Information Co., LTD. SQL injection vulnerability exists in GetPwdPolicy, an application virtualization system. This vulnerability is caused by the fact that the system does not effectively filter user input and directly splicing it into SQL query statements, resulting in SQL injection vulnerability.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.