漏洞描述
用友NC是一套全面的企业资源规划软件解决方案,用于管理企业的各个方面,包括财务、人力资源、供应链、生产和销售等。 用友NC /portal/pt/oacoSchedulerEvents/isAgentLimit 存在SQL注入漏洞,攻击者可通过该漏洞在服务器端写⼊后⻔,获取服务器权限,进⽽控制整个web服务器。
用友-UFIDA-NC /portal/pt/oacoSchedulerEvents/isAgentLimit SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- yonyou-ufida-oa-uapws-xxe: 用友 UFIDA OA XXE
- POC CVE-2025-2709: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVD-2023-3118: 用友 UFIDA ActionHandlerServlet 反序列化漏洞
- POC CNVD-2021-30167: UFIDA NC BeanShell Remote Command Execution
- POC CNVD-C-2023-76801: UFIDA NC uapjs - Remote Code Execution
- POC CNVD-2024-33023: UFIDA U8 Cloud - SQL Injection
- POC chanjet-tplus-fileupload: UFIDA Chanjet TPluse Upload.aspx - Arbitrary File Upload
- POC grp-u8-uploadfiledata: UFIDA GRP-U8 UploadFileData - Arbitrary File Upload
- POC yonyou-grp-u8-xxe: Yonyou UFIDA GRP-u8 - XXE
- POC yonyou-nc-grouptemplet-fileupload: UFIDA NC Grouptemplet Interface - Unauthenticated File Upload