Mingyu Operations And Maintenance Audit And Risk Control System

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:anheng_information_(hangzhou_dbapp_security_information_technology_co.,_ltd.):mingyu_operations_and_maintenance_audit_and_risk_control_system:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAnheng Information (Hangzhou Dbapp Security Information Technology Co., Ltd.) (6ff99ce7-d928-57bf-a5c9-111ca4c1274f)
ProductMingyu Operations And Maintenance Audit And Risk Control System (178b3788-f324-5687-b0ec-e796ce51a5aa)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-7325 vulnerable 2026-06-08 06:21:57.557762 Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix socket RPC endpoints and perform privileged XML-RPC methods. An attacker able to send such requests can invoke administrative RPC methods via the unix socket interface to create arbitrary user accounts on the system, resulting in account creation and potential takeover of the bastion host. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:17.837319 UTC.
Published: 2025-10-30T21:17:54.830Z
Updated: 2025-10-31T17:18:04.911Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.