Submeter #721531: Yonyou KSOA V9.0 SQL Injectioninformação

TítuloYonyou KSOA V9.0 SQL Injection
DescriçãoDuring the security assessment of KSOA, I discovered a critical SQL injection vulnerability in the "/worksheet/agent_work_report.jsp" file. The vulnerability exists because the application fails to properly sanitize the 'id' parameter before using it in a SQL statement. Remote attackers can exploit this by injecting malicious SQL commands (e.g., WAITFOR DELAY) to delay the response, confirming the injection and allowing for data exfiltration via blind SQL injection techniques.
Fonte⚠️ https://github.com/master-abc/cve/issues/3
Utilizador
 jiefengliang (UID 93721)
Submissão22/12/2025 18h16 (há 3 meses)
Moderação01/01/2026 19h21 (10 days later)
EstadoDuplicado
Entrada VulDB339342 [Yonyou KSOA 9.0 agent_work_report.jsp ID Injeção SQL]
Pontos0

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!