tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Web Application Firewall
    Documentation
    Download PDF

    Notice for Yonyou GRP-U8 SQL Injection Vulnerability

    Last updated: 2022-06-23 11:14:26
    Download PDF
      On September 11, 2020, Tencent Security noticed a SQL injection vulnerability in Yonyou GRP-U8 internal control and management software for government affairs. Attackers can use a carefully constructed payload to perform SQL injection attacks in order to get sensitive database information.
      Exploitations in the wild (ITW) have been detected, and Tencent Cloud WAF supports defense against them.

      Vulnerability Details

      Attackers can use a carefully constructed payload to perform SQL injection attacks in order to get sensitive database information, and Tencent Cloud WAF currently supports defense against them.

      Affected Versions

      Yonyou GRP-U8 internal control and management software for government affairs.

      Suggestions for Fix

      According to the vulnerability advisory, there is currently no official update. Tencent Security recommends you:
      Restrain exposing the software to the public network due to its sensitivity or use an allowlist policy.
      Use WAF to detect and block attacks.

      References

      CNVD-2020-49261
      Yonyou Gov website
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy