Create yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md

add yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability
2025-06-20 09:50:49 +00:00 · 2023-06-09 17:58:19 +08:00 · 2023-06-09 17:58:19 +08:00 · 3025991a2e
commit 3025991a2e
parent 144b548805
1 changed files with 12 additions and 0 deletions
--- a/yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md
+++ b/yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md
@ -0,0 +1,12 @@
+## yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability
+
+|   **Vulnerability**  | **yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | 用友GRP-U8 软件 U8AppProxy 任意文件上传漏洞 |
+| **CVSS core**  | 9.0 |
+| **FOFA Query**  (click to view the results directly)| [body="window.location.replace(\"login.jsp?up=1\")" \|\| body="GRP-U8"](https://en.fofa.info/result?qbase64=Ym9keT0id2luZG93LmxvY2F0aW9uLnJlcGxhY2UoXCJsb2dpbi5qc3A%2FdXA9MVwiKSIgfHwgYm9keT0iR1JQLVU4Ig%3D%3D) |
+| **Number of assets affected**  | 1308 |
+| **Description**  | Yonyou GRP-U8 management software is a new generation of products launched by UFIDA focusing on national e-government affairs and based on cloud computing technology. It is the most professional government financial management software in the field of administrative affairs and finance in my country. UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability, an attacker can upload a webshell to obtain server permissions.|
+| **Impact** | UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability, an attacker can upload a webshell to obtain server permissions. |
+  
+![](https://s3.bmp.ovh/imgs/2023/06/08/5cccc970d4c3d964.gif)