'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

web_app:yonyou_u9_GetConnectionString_infomation_leakage(Rule ID:1070210531)

Release Date2025/9/15

Rule NameYonyou U9 GetConnectionString Infomation Leakage Vulnerability

Severity:mid

CVE ID

 

Descripiton

Yonyou U9 is a cloud integrated ERP for large and medium-sized manufacturing industries. It focuses on multi organization, multi factory collaboration and intelligent manufacturing to achieve real-time global business operations. Yonyou U9 GetConnectionString has an information disclosure vulnerability, through which an attacker can obtain database connection information, including database account passwords and other sensitive information. This rule supports to defend the A6: Vulnerabe and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.