Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339435）

Rule General Information


Release Date:		2025-09-02

Rule Name:		Yonyou NC baplink SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Yonyou NC is a high-end enterprise-level ERP software launched by Yonyou, designed specifically for large enterprises and corporate groups. It provides comprehensive core business management functions such as financial management, supply chain management, and human resource management, supporting complex business scenarios and high-concurrency data processing needs. The baplink interface of Yonyou NC has an SQL injection vulnerability. Malicious attackers can exploit this vulnerability to perform unauthorized database operations, which may lead to security issues such as information leakage, database tampering, or denial of service.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.