Submit #721352: Yonyou KSOA V9.0 SQL Injection

Title: Yonyou KSOA V9.0 SQL Injection
Description: A SQL injection vulnerability exists in the Yonyou Space-Time KSOA Platform v9.0. The vulnerability is located in the `/worksheet/del_user.jsp` file. The application accepts untrusted input via the `id` HTTP GET parameter and directly concatenates it into a backend SQL query without proper validation or parameterization. This allows an unauthenticated remote attacker to inject malicious SQL commands, leading to potential data leakage, unauthorized database access, or server manipulation. The backend database appears to be Microsoft SQL Server.
Source: https://github.com/master-abc/cve/blob/main/Yonyou%20Space-Time%20Enterprise%20Information%20Integration%20KSOA%20Platform%20worksheet%20del_user.jsp%20SQL%20injection.md
User: jiefengliang (UID 93721)
Submission: 2025-12-22 07:26 (4 months ago)
Moderation: 2026-01-01 12:12 (10 days later)
Status: Accepted
VulDB Entry: 339347 [Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/del_user.jsp ID SQL injection]
Points: 20
