Submit #734577: Yonyou KSOA v9.0 SQL Injectioninfo

TitleYonyou KSOA v9.0 SQL Injection
DescriptionA SQL injection vulnerability exists in the Yonyou Space-Time KSOA Platform v9.0. The vulnerability is located in the `/kmf/save_folder.jsp` file. The application accepts untrusted input via the `folderid` HTTP GET parameter and directly concatenates it into a backend SQL query without proper validation or parameterization. This allows an **unauthenticated remote attacker** to inject malicious SQL commands, leading to potential data leakage, unauthorized database access, or server manipulation. The backend database appears to be Microsoft SQL Server.
Source⚠️ https://github.com/LX-66-LX/cve/issues/17
User
 LINXI666 (UID 91556)
Submission01/08/2026 16:40 (5 months ago)
Moderation01/19/2026 08:34 (11 days later)
StatusAccepted
VulDB entry341771 [Yonyou KSOA 9.0 HTTP GET Parameter /kmf/save_folder.jsp folderid sql injection]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!