'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:landry_oa_sql_injection_vulnerability(Rule ID:1070210555)

Release Date2025/12/8

Rule NameLandry OA rpt_listreport_definefield.aspx SQL Injection Vulnerability

Severity:high

CVE ID

 

Descripiton

Landry is a domestic digital office professional service provider, the only OA manufacturer invested by Alibaba Dingding, and the first strategic partner in the field of Alibaba Cloud knowledge management and collaboration. The rpt_listreport_definefield.aspx interface of the Landry OA has an SQL injection vulnerability. Besides taking advantage of this vulnerability to obtain information in the database, attackers can even write Trojans into the server under high privileges to further gain system privileges of the server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.