CNNVD-202511-974 Information

CNNVD ID

CNNVD-202511-974

Related CVE

CVE-2025-12867

• CNNVD Published: 2025-11-10

Description (Chinese)

Hundred Plus EIP Plus是中国台湾百加资通（Hundred Plus）公司的一个企业管理软件。 Hundred Plus EIP Plus存在代码问题漏洞，该漏洞源于允许特权远程攻击者上传和执行Web后门，可能导致服务器上执行任意代码。

Description (English)

Hundred Plus EIP Plus is an enterprise management software of the Hongred Plus Corporation of China. There is a code breach in the Hundred Plus EIP Plus, which stems from allowing privileged remote assailants to upload and implement the back door of Web, which may result in the implementation of any code on the server.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

百加资通

Published

2025-11-10

Last Modified

2026-02-24

References

https://www.twcert.org.tw/en/cp-139-10491-004b0-2.html https://www.twcert.org.tw/tw/cp-132-10490-2534b-1.html

Patch

https://www.hundredplus.com/portal/en/productservice/officeplus/eipplus/