Submeter #734565: Yonyou KSOA v9.0 SQL Injectioninformação

TítuloYonyou KSOA v9.0 SQL Injection
DescriçãoA SQL injection vulnerability exists in the Yonyou Space-Time KSOA Platform v9.0. The vulnerability is located in the /worksheet/worksadd_plan.jsp file. The application accepts untrusted input via the id HTTP GET parameter and directly concatenates it into a backend SQL query without proper validation or parameterization. This allows an unauthenticated remote attacker to inject malicious SQL commands, leading to potential data leakage, unauthorized database access, or server manipulation. The backend database appears to be Microsoft SQL Server.
Fonte⚠️ https://github.com/LX-66-LX/cve/issues/12
Utilizador
 LX-66-LX (UID 92717)
Submissão08/01/2026 16h10 (há 3 meses)
Moderação18/01/2026 08h14 (10 days later)
EstadoAceite
Entrada VulDB341720 [Yonyou KSOA 9.0 HTTP GET Parameter worksadd_plan.jsp ID Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!