CNNVD-202512-832 Information

Dec 07, 2025 cve

CNNVD ID

CNNVD-202512-832

CVE-2025-14185

CNNVD Published: 2025-12-07

Description (Chinese)

Yonyou U8 Cloud是中国用友（Yonyou）公司的一款云端企业管理系统。 Yonyou U8 Cloud 5.0版本、5.0sp版本、5.1版本和5.1sp版本存在SQL注入漏洞，该漏洞源于对文件nc/pubitf/erm/mobile/appservice/AppServletService.class中参数usercode的错误操作，可能导致SQL注入。

Description (English)

Yonyou U8 Cloud is a cloud-end enterprise management system for Yonyou. Yonyou U8 Cloud version 5.0, version 5.0sp, version 5.1 and version 5.1sp contain an injection loophole in SQL, which results from an error in the use of the parameter usercode in document nc/pubitf/erm/mobile/appservice/AppServletService.class, which may lead to the injection of SQL.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

用友

Published

2025-12-07

Last Modified

2026-02-24

References

https://vuldb.com/?id.334605 https://github.com/798xuezhiqian-collab/vuln01 https://vuldb.com/?submit.698601 https://vuldb.com/?ctiid.334605 https://access.redhat.com/security/cve/cve-2025-14185

Share on: