'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339475)

Rule General Information
Release Date: 2025-09-16
Rule Name: Yonyou NC API IMetaWebService4BqCloud SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou NC is a high-end enterprise-level ERP software launched by Yonyou, designed specifically for large enterprises and corporate groups. It provides comprehensive core business management functions such as financial management, supply chain management, and human resource management, supporting complex business scenarios and high-concurrency data processing needs. The IMetaWebService4BqCloud interface of the Yonyou NC has an SQL injection vulnerability. Besides taking advantage of this vulnerability to obtain information in the database, attackers can even write Trojans into the server under high privileges to further gain system privileges of the server.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.