Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339853）

Rule General Information


Release Date:		2026-03-30

Rule Name:		PostgreSQL GraphQL Interface SQL Injection Attack Detection

Severity:

CVE ID:

Rule Protection Details


Description:		SQL injection vulnerability is caused by the web application's lack of validation of user input. Attackers submit sql statement to change the execution logic of background sql query, so as to obtain sensitive information or upload webshell. This rule is designed to detect suspicious behaviors where attackers attempt to exploit the parameter-passing feature of GraphQL variables to perform injection attacks.

Impact:		An attacker can Obtain sensitive information or upload a webshell by exploiting the vulnerability.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.