|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-06-25 | |
| Rule Name: | Yonyou NC Cloud API runScript SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou NC is a high-end ERP system designed for large enterprises, supporting core functions such as group control, financial sharing, and supply chain collaboration, helping enterprises achieve digital transformation. There is an SQL injection vulnerability in the runScript of Yonyou NC. Attackers can exploit this vulnerability to steal sensitive information, tamper with database data, take control of the database server, and potentially further compromise the entire system. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |