← volver
CVE-2025-12344

Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload

CVSS 5.3 MEDIUMEPSS 0.2%CWE-284CWE-434
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
Yonyou · U8 Cloud

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/IceSc0rpion/CVE/issues/1https://vuldb.com/?ctiid.330129https://vuldb.com/?id.330129https://vuldb.com/?submit.674532