'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:landry_eis_sql_injection_vulnerability(Rule ID:1070210546)

Release Date2025/11/24

Rule NameLandry EIS ShowUserInfo.aspx SQL Injection Vulnerability

Severity:critical

CVE ID

 

Descripiton

Landry is a domestic digital office professional service provider, the only OA manufacturer invested by Alibaba Dingding, and the first strategic partner in the field of Alibaba Cloud knowledge management and collaboration. The ShowUserInfo.aspx interface of the Landry EIS has an SQL injection vulnerability. Besides taking advantage of this vulnerability to obtain information in the database, attackers can even write Trojans into the server under high privileges to further gain system privileges of the server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.