
vul_app:tongxiang_hrmp_downloadtemplate_arbitrary_file_download_vul(Rule ID:1070210417)

Release Date: 2025/9/15

Rule Name: Tongxiang Human Resources Management Platform DownloadTemplate Arbitrary File Download Vulnerability

Severity: high

CVE ID

 

Description

Tongxiang Human Resources Management Platform is a system that integrates human resources management functions. It aims to optimize enterprise personnel management, employee collaboration, and data processing through digital tools, and to improve the efficiency and scientific decision-making of human resources management. The Tongxiang Human Resources Management Platform has an arbitrary file download vulnerability, which allows attackers to illegally obtain sensitive files (such as configuration files, user data, etc.) on the server, thereby causing information leakage, system tampering, or further attacks, posing a serious threat to system security and user privacy. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.