'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:yonyou_u8_doupload_arbitrary_file_upload_vulnerability(Rule ID:1070210432)

Release Date2025/9/15

Rule NameYonyou U8 doUpload.jsp Arbitrary File Upload Vulnerability

Severity:high

CVE ID

 

Descripiton

Yonyou U8 is a comprehensive business management platform designed for mid-sized and growing enterprises, offering multi-functional solutions that cover finance, supply chain, production, human resources, and customer relationship management. It helps companies achieve refined management, industrial chain collaboration, and digital transformation. However, Yonyou U8's doUpload.jsp is vulnerable to arbitrary file upload, allowing attackers to upload malicious files to gain server control, steal sensitive data, or launch further attacks, posing a serious threat to system security and data integrity. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.