'; } else{ echo ''; } echo '
|
|||
Rule General Information |
---|
Release Date: | 2025-07-22 | |
Rule Name: | SHIKONGZHIYOU ERP API updater.uploadStudioFile Arbitrary File Upload Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | SHIKONGZHIYOU ERP is an integrated enterprise resource planning system focused on delivering comprehensive business process management to enhance operational efficiency and decision support for businesses. There is an arbitrary file upload vulnerability in the system's updater.uploadStudioFile interface. Attackers can take advantage of this vulnerability to upload Trojans and control the entire system. | |
Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Please contact the software vendor to update the software patch. |