Icesc0Rpion

**Name of the Vulnerable Software and Affected Versions** Yonyou U8 Cloud versions prior to 5.1sp **Description** A flaw exists in Yonyou U8 Cloud that allows for unrestricted file upload. This issue stems from manipulation of the `ts/sign` argument within a request header handled by an unknown function in the `/service/NCloudGatewayServlet` file. The vulnerability can be exploited remotely. The details of the exploit have been publicly disclosed. **Recommendations** Update to a version later than 5.1sp.