Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339494）

Rule General Information


Release Date:		2025-10-09

Rule Name:		Mingyuanyun ERP VisitorWeb_XMLHTTP.aspx SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Mingyuanyun ERP is a digital business platform specially built for the real estate industry, covering the whole value chain of investment, construction, marketing and asset management, helping real estate enterprises to achieve refined management and intelligent decision-making. Mingyuanyun ERP has a SQL injection vulnerability. An attacker can use the SQL injection vulnerability to directly manipulate the back-end database, achieve database dragging, data tampering, unauthorized login, and even write to WebShell to take over the server.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.