Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339672）

Rule General Information


Release Date:		2025-12-02

Rule Name:		Hongfan OA zyy_AttFile.asmx SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Hongfan OA is an information management platform developed by Hongfan Technology based on the latest Microsoft .NET technology. The Hongfan OA system provides OA functions for hospitals, enabling the completion of administrative office tasks such as information dissemination, process approval, document management, schedule management, work arrangement, file transfer, and online communication. Hongfan Collaborative Office System is the most professional and has the most successful cases of hospital OA in China. The Hongfan iOffice Hospital Edition has an SQL injection vulnerability, which attackers can exploit to obtain sensitive database information.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.