A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This can be exploited to run system commands and ultimately gain full control over the target server. The issue is rooted in a third-party JAR component bundled with the application, and the servlet is accessible without authentication on vulnerable installations.
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
| Link | Tags |
|---|---|
| https://www.cnblogs.com/pursue-security/p/17685141.html | technical description exploit |
| https://www.cnvd.org.cn/flaw/show/CNVD-2021-30167 | third party advisory |
| https://vulncheck.com/advisories/yonyou-ufida-nc-beanshell-code-injection | third party advisory |