Hillstone Networks

RULE（RULE ID：339159）

Rule General Information


Release Date:		2025-06-25

Rule Name:		Yonyou U8 Cloud KeyWordReportQuery SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Yonyou U8 Cloud is an ERP software based on cloud computing technology, providing flexible and scalable cloud enterprise resource planning solutions for enterprises, supporting digital transformation and business innovation. The KeyWordReportQuery interface in the Yonyou U8 Cloud contains an SQL injection vulnerability. This vulnerability is caused by inadequate verification of input parameters. An attacker can inject malicious SQL statements into applications to perform unauthorized operations, resulting in information leakage and obtaining server permissions.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.