CNNVD-202506-3427 Information
CNNVD ID
CNNVD-202506-3427
Related CVE
- CNNVD Published: 2025-06-27
Description (Chinese)
Kingdee Cloud-Starry-Sky Enterprise Edition是中国金蝶(Kingdee)公司的一个面向成长型企业的数字化转型解决方案。 Kingdee Cloud-Starry-Sky Enterprise Edition 6.x版本、7.x版本、8.x版本和9.0版本存在安全漏洞,该漏洞源于Freemarker引擎模板元素中和不当,可能导致模板注入攻击。
Description (English)
Kingdee Cloud-Starry-Sky Enterprise Education is a digital transformation solution for growth-oriented enterprises in Kingdee, China. There is a security loophole in Kingdee Cloud-Starry-Sky Enterprise 6.x, 7.x, 8.x and 9.0, which originates from the inappropriateness of the elements of the Freemarker engine template, which may lead to a template being injected into the attack.
Hazard Level
Medium
Vulnerability Type
其他
Published
2025-06-27
Last Modified
2026-02-24
References
https://vip.kingdee.com/link/s/ZlWX7 https://vip.kingdee.com/school/detail/713028702245944320 https://vuldb.com/?ctiid.314072 https://vuldb.com/?id.314072 https://vuldb.com/?submit.601207
Share on: