漏洞描述
用友UFIDA-NC是一款企业管理软件,由用友软件开发和推出。该软件提供了一套完整的企业管理解决方案,包括财务管理、人力资源管理、供应链管理、生产管理等功能模块,可以帮助企业实现全面的管理和运营。用友UFIDANC系统marmot.rpc.d接口存在XML实体注入漏洞
用友UFIDA NC系统marmot.rpc.d接口存在XML实体注入漏洞
PoC代码
暂无相关漏洞推荐
- yonyou-ufida-oa-uapws-xxe: 用友 UFIDA OA XXE
- POC CVE-2025-2709: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVD-2023-3118: 用友 UFIDA ActionHandlerServlet 反序列化漏洞
- POC CNVD-2021-30167: UFIDA NC BeanShell Remote Command Execution
- POC CNVD-C-2023-76801: UFIDA NC uapjs - Remote Code Execution
- POC CNVD-2024-33023: UFIDA U8 Cloud - SQL Injection
- POC chanjet-tplus-fileupload: UFIDA Chanjet TPluse Upload.aspx - Arbitrary File Upload
- POC grp-u8-uploadfiledata: UFIDA GRP-U8 UploadFileData - Arbitrary File Upload
- POC yonyou-grp-u8-xxe: Yonyou UFIDA GRP-u8 - XXE
- POC yonyou-nc-grouptemplet-fileupload: UFIDA NC Grouptemplet Interface - Unauthenticated File Upload