
RULE (RULE ID: 339453)

Rule General Information
Release Date: 2025-09-09
Rule Name: NEWGRAND ERP NGInterface SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: NEWGRAND ERP (Enterprise Resource Planning) is one of the leading enterprise management software products in China, widely used by large group enterprises in multiple fields such as engineering construction, equipment manufacturing, and service industries. Its NGInterface interface has an SQL injection vulnerability. Because the software does not adequately check, filter, and escape user input (such as request parameters from external systems), attackers can construct malicious SQL code and embed it in the request parameters.
Impact: By successfully exploiting the vulnerability, an attacker can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference: https://huntr.com/bounties/0a9d527a-2d39-4bc0-bf01-1e717587f077
Solutions
Please contact the software vendor to obtain the patch and update the software.