|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-06-04 | |
| Rule Name: | Yonyou Chanjet T+ GLSyncService SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou Chanjet T+ is a new type of Internet-based enterprise management software, with functional modules including: financial management, procurement management, inventory management, etc.The GLSyncService.asmx interface of this software has an arbitrary file upload vulnerability. This vulnerability stems from the failure to filter user input, which leads to an SQL injection vulnerability. By exploiting this vulnerability, attackers can ultimately achieve remote command execution. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |