CVE-2025-15424 | Yonyou KSOA 9.0 HTTP GET Parameter agent_worksdel.jsp ID sql injection

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability classified as critical has been found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation of the argument ID results in sql injection.

This vulnerability is known as CVE-2025-15424. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15424 | Yonyou KSOA 9.0 HTTP GET Parameter agent_worksdel.jsp ID sql injection

Post correlati

CVE-2024-1664 | Responsive Gallery Grid Plugin up to 2.3.10 on WordPress Setting cross site scripting

CVE-2024-34212 | Totolink CP450 4.1.0cu.747_B20191224 CloudACMunualUpdate stack-based overflow

CVE-2023-7214 | Totolink N350RT 9.3.5u.6139_B20201216 HTTP POST Request cstecgi.cgi main v8 stack-based overflow

CVE-2024-0467 | code-projects Employee Profile Management System 1.0 edit_position_query.php pos_name cross site scripting