Notice for Yonyou GRP-U8 SQL Injection Vulnerability

마지막 업데이트 시간:2022-06-23 11:14:26

Notice for Yonyou GRP-U8 SQL Injection Vulnerability

마지막 업데이트 시간: 2022-06-23 11:14:26

On September 11, 2020, Tencent Security noticed a SQL injection vulnerability in Yonyou GRP-U8 internal control and management software for government affairs. Attackers can use a carefully constructed payload to perform SQL injection attacks in order to get sensitive database information.
Exploitations in the wild (ITW) have been detected, and Tencent Cloud WAF supports defense against them. 
Vulnerability Details
Attackers can use a carefully constructed payload to perform SQL injection attacks in order to get sensitive database information, and Tencent Cloud WAF currently supports defense against them. 
Affected Versions
Yonyou GRP-U8 internal control and management software for government affairs.
Suggestions for Fix
According to the vulnerability advisory, there is currently no official update. Tencent Security recommends you:
Restrain exposing the software to the public network due to its sensitivity or use an allowlist policy.
Use WAF to detect and block attacks.
References
CNVD-2020-49261
Yonyou Gov website

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티켓 제출 을 통해 문의할 수 있습니다.

예

아니오

피드백

tencent cloud

Vulnerability Details

Affected Versions

Suggestions for Fix

References