|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-06-25 | |
| Rule Name: | Yonyou NC saveDoc.ajax Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou NC is a high-end ERP system designed for large enterprises, supporting core functions such as group control, financial sharing, and supply chain collaboration, helping enterprises achieve digital transformation. The saveDoc.ajax in Yonyou contains an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload malicious files and gain full control of the host. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |