'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

web_app:yonyou_u8crm_authentication_bypass(Rule ID:1070210522)

Release Date2025/9/15

Rule NameYonyou U8 CRM Authentication Bypass Vulnerability

Severity:mid

CVE ID

 

Descripiton

Yonyou CRM is a software developed by Yonyou, which is specially designed to help enterprises manage customer related business activities. The Yonyou CRM system has a logic vulnerability at the reservationcomplete.php interface, through which an attacker can directly go into the background to obtain background permissions, so as to prepare for subsequent access to server permissions. This rule supports to defend the A6: Vulnerabe and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.