'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

web_app:glodon_oa__file_create_vul(Rule ID:1070210541)

Release Date2025/9/29

Rule NameGlodon OA Arbitrary File Create Vulnerability

Severity:high

CVE ID

 

Descripiton

Glodon OA is a digital office platform specially built for the construction industry, which integrates process approval, project collaboration and data integration to help enterprises manage efficiently. Glodon OA has an arbitrary file creation vulnerability. An attacker can use the vulnerability to create a file on the server, and then use another vulnerability to write malicious code in the newly created file, so as to achieve remote code execution. This rule supports to defend the A6: Vulnerabe and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.