Yonyou YonBIP Path Traversal Vulnerability in LoginWithV8 Interface

Vulnerability

A path traversal vulnerability has been identified in Yonyou YonBIP versions through 3, in the LoginWithV8 interface of the data application service system. The interface handles path references improperly, so a request can traverse directory structures and gain unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including exposure of admin account tokens, within the affected system.

Reproduction

To reproduce this vulnerability, send a GET request to the LoginWithV8 interface with a ticket parameter that includes path traversal sequences such as '../'. This bypasses directory restrictions and reaches sensitive files, like the Windows win.ini file. The response confirms successful exploitation by returning the contents of the accessed file.
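A defender can look for the request pattern described above in web access logs. The following is an added example, not code from the advisory or from Yonyou: the log lines are constructed, and the /PLACEHOLDER/ route prefix is an assumption standing in for the real path, which the advisory does not give.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format). "/PLACEHOLDER/" is an
# assumed stand-in for the real route prefix, which the advisory does not give.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jan/2026:17:01:02 +0000] "GET /PLACEHOLDER/LoginWithV8?ticket=abc123 HTTP/1.1" 200 512
203.0.113.9 - - [09/Jan/2026:17:01:05 +0000] "GET /PLACEHOLDER/LoginWithV8?ticket=../../win.ini HTTP/1.1" 200 92
203.0.113.9 - - [09/Jan/2026:17:01:09 +0000] "GET /PLACEHOLDER/LoginWithV8?ticket=%2e%2e%5c%2e%2e%5cwin.ini HTTP/1.1" 200 92
203.0.113.9 - - [09/Jan/2026:17:01:12 +0000] "GET /PLACEHOLDER/LoginWithV8?ticket=%252e%252e%252fwin.ini HTTP/1.1" 404 0
198.51.100.4 - - [09/Jan/2026:17:02:00 +0000] "GET /index.html?ticket=../x HTTP/1.1" 200 1024
"""

REQUEST = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." path segment delimited by either slash style or the string boundary.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded '../' is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_attempts(log_text):
    """Return one record per LoginWithV8 request whose ticket holds a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if "loginwithv8" not in url.path.lower():
            continue
        for ticket in parse_qs(url.query, keep_blank_values=True).get("ticket", []):
            ticket = fully_decode(ticket)
            if TRAVERSAL.search(ticket):
                # A 200 status means a response was served and should be reviewed first.
                hits.append({"client": client, "ticket": ticket,
                             "status": status, "served": status == 200})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set are the ones to triage first, since the advisory notes that a successful request returns file contents in the response.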

Added: Jan 9, 2026, 5:26 PM
Updated: Jan 9, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 9.5
remediation: 0.0
relevance: 1.9
threat: 6.5
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.