| 제목 | Yonyou KSOA V9.0 SQL Injection |
|---|
| 설명 | During the security assessment of KSOA, I discovered a critical SQL injection vulnerability in the "/worksheet/agent_work_report.jsp" file. The vulnerability exists because the application fails to properly sanitize the 'id' parameter before using it in a SQL statement. Remote attackers can exploit this by injecting malicious SQL commands (e.g., WAITFOR DELAY) to delay the response, confirming the injection and allowing for data exfiltration via blind SQL injection techniques. |
|---|
| 원천 | ⚠️ https://github.com/master-abc/cve/issues/3 |
|---|
| 사용자 | jiefengliang (UID 93721) |
|---|
| 제출 | 2025. 12. 22. PM 06:16 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 01. PM 07:21 (10 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 339342 [Yonyou KSOA 9.0 agent_work_report.jsp 아이디 SQL 주입] |
|---|
| 포인트들 | 0 |
|---|