| عنوان | Yonyou KSOA V9.0 SQL Injection |
|---|
| الوصف | A SQL injection vulnerability exists in the Yonyou Space-Time KSOA Platform v9.0. The vulnerability is located in the `/worksheet/agent_worksdel.jsp` file. The application accepts untrusted input via the `id` HTTP GET parameter and directly concatenates it into a backend SQL query without proper validation or parameterization. This allows an unauthenticated remote attacker to inject malicious SQL commands, leading to potential data leakage, unauthorized database access, or server manipulation. The backend database appears to be Microsoft SQL Server. |
|---|
| المصدر | ⚠️ https://github.com/master-abc/cve/blob/main/Yonyou%20Space-Time%20Enterprise%20Information%20Integration%20KSOA%20Platformworksheetagent_worksdel.jsp%20SQL%20injection.md |
|---|
| المستخدم | jiefengliang (UID 93721) |
|---|
| ارسال | 22/12/2025 07:11 AM (4 أشهر منذ) |
|---|
| الاعتدال | 01/01/2026 12:12 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 339346 [Yonyou KSOA 9.0 HTTP GET Parameter agent_worksdel.jsp معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|