Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339381）

Rule General Information


Release Date:		2025-08-19

Rule Name:		Yonyou Chanjet CRM newleadset.php SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Yonyou Chanjet CRM is a new type of enterprise management software based on the Internet. Its functional modules include: financial management, purchasing management, inventory management, etc. It is mainly an integrated application of finance and business for small and medium-sized industrial, trade and commercial enterprises. There is an SQL injection vulnerability in the newleadset.php interface of Yonyou Chanjet CRM. Attackers can inject malicious SQL statements by constructing malicious request parameters, resulting in database information leakage, data tampering, and even system privilege escalation, affecting the security and integrity of system data.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.