'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: yonyou_chanjet_file_upload(Rule ID:1070210264)

Release Date2025/9/15

Rule NameYonyou Chanjet T+ Arbitrary File Upload Vulnerability

Severity:critical

CVE ID

 

Descripiton

Yonyou Chanjet T+ is a new type of internet enterprise management system, which can meet the needs of small and micro enterprises to manage and control their flexible business processes, focus on transaction management, order tracking, capital, inventory and other management problems. There is an arbitrary file upload vulnerability in T+, and the unauthenticated remote attacker can construct a specific request to upload a malicious file to the target system, thus executing arbitrary code on the server.
Other reference:None

 

Solution

Update vendor patches.