Submit #721531: Yonyou KSOA V9.0 SQL Injectioninfo

TitleYonyou KSOA V9.0 SQL Injection
DescriptionDuring the security assessment of KSOA, I discovered a critical SQL injection vulnerability in the "/worksheet/agent_work_report.jsp" file. The vulnerability exists because the application fails to properly sanitize the 'id' parameter before using it in a SQL statement. Remote attackers can exploit this by injecting malicious SQL commands (e.g., WAITFOR DELAY) to delay the response, confirming the injection and allowing for data exfiltration via blind SQL injection techniques.
Source⚠️ https://github.com/master-abc/cve/issues/3
User
 jiefengliang (UID 93721)
Submission12/22/2025 18:16 (3 months ago)
Moderation01/01/2026 19:21 (10 days later)
StatusDuplicate
VulDB entry339342 [Yonyou KSOA 9.0 agent_work_report.jsp ID sql injection]
Points0

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!