| Description: | | Yoniu NC is a suite of management software products developed by Yoniu Corporation for large enterprises and corporate groups. This product series is built on the latest global internet technologies, cloud computing, and mobile application technologies, designed to help enterprises innovate management models and drive business transformation. The filename parameter in the Yoniu NC /uapim/upload/grouptemplet interface has a directory traversal vulnerability that leads to arbitrary file upload. Attackers can upload script files containing malicious code to the server, enabling them to execute arbitrary system commands and thereby gain control of the server. |