## UF U8 Cloud upload.jsp file upload vulnerability

|   **Vulnerability**  | **UF U8 Cloud upload.jsp file upload vulnerability**  |
| :----:   | :-----|
|  **Chinese name**  | 用友 U8 Cloud upload.jsp 文件上传漏洞 |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [body="开启U8 cloud云端之旅"](https://en.fofa.info/result?qbase64=Ym9keT0i5byA5ZCvVTggY2xvdWTkupHnq6%2FkuYvml4Ui) |
| **Number of assets affected**  | 13473 |
| **Description**  | yonyou U8 cloud is a cloud ERP developed by yonyou.There is a file upload vulnerability in yonyou U8 upload.jsp, which can be exploited by attackers to gain server privileges. |
| **Impact** | Attackers can use this vulnerability to upload file, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/09/06/407cf745d8210300.gif)