Submit #734568: Yonyou KSOA v9.0 SQL Injection

Title: Yonyou KSOA v9.0 SQL Injection
Description: A SQL injection vulnerability exists in the Yonyou Space-Time KSOA Platform v9.0. The vulnerability is located in the `/kmf/edit_folder.jsp` file. The application accepts untrusted input via the `folderid` HTTP GET parameter and directly concatenates it into a backend SQL query without proper validation or parameterization. This allows an **unauthenticated remote attacker** to inject malicious SQL commands, leading to potential data leakage, unauthorized database access, or server manipulation. The backend database appears to be Microsoft SQL Server.
Source: https://github.com/LX-66-LX/cve/issues/15
User: LX-66-LX (UID 92717)
Submission: 08/01/2026 16h26 (3 months ago)
Moderation: 18/01/2026 08h14 (10 days later)
Status: Accepted
VulDB entry: 341722 [Yonyou KSOA 9.0 HTTP GET Parameter /kmf/edit_folder.jsp folderid SQL Injection]
Points: 20