58 matches found
CVE-2023-4748
A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The...
EUVD-2025-19039
Malicious code in bioql PyPI...
EUVD-2023-54596
Malicious code in bioql PyPI...
CVE-2025-34039
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
CVE-2025-34039 Yonyou NC BeanShell Command Injection
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
Yonyou UFIDA NC 安全漏洞
Yonyou UFIDA NC is a high-end management software from China's UFIDA Yonyou Corporation. A security vulnerability exists in Yonyou UFIDA NC v6.5 and prior versions, which originates from a code injection attack due to exposure of a BeanShell test servlet...
VulnCheck KEV: CVE-2025-34039
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.
UFIDA NC is a comprehensive business management software for large enterprises. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co. Ltd (CNVD-C-2024-947797)
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A command execution vulnerability exists in UFIDA NC, which can be exploited by an attacker to execute arbitrary commands...
Arbitrary File Read Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. UFIDA NC suffers from an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in NC of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
XML Entity Injection Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC is a comprehensive business management software for large enterprises. An XML entity injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
Information Disclosure Vulnerability in UFIDA NC Cloud of UFIDA Network Technology Co.
UFIDA NC Cloud is a large enterprise digitalization platform that supports flexible deployment modes of public, hybrid and proprietary clouds. An information disclosure vulnerability exists in UFIDA NC Cloud, which can be exploited by attackers to obtain sensitive information...
File upload vulnerability exists in UFIDA NC of UFIDA Network Technology Co.(CNVD-2024-35510)
UFIDA NC is a large erp enterprise management system and e-commerce platform. A file upload vulnerability exists in UFIDA NC, which can be exploited by attackers to gain server privileges...
Command Execution Vulnerability in UFIDA NC Cloud at UFIDA Network Technology Co.
UFIDA NC Cloud is a large-scale enterprise digitalization platform launched by UFIDA Network Technology Co. A command execution vulnerability exists in UFIDA NC Cloud, which can be exploited by an attacker to execute arbitrary commands...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co. Ltd (CNVD-2024-31573)
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...