CVE-2026-1124 | Yonyou KSOA 9.0 HTTP GET Parameter work_report.jsp ID sql injection

A vulnerability has been found in Yonyou KSOA 9.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection.

This vulnerability is known as CVE-2026-1124. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1124 | Yonyou KSOA 9.0 HTTP GET Parameter work_report.jsp ID sql injection

Post correlati

CVE-2024-38582 | Linux Kernel up to 6.9.2 nilfs2 nilfs_detach_log_writer deadlock

CVE-2024-27564 | ChatGPT f9f4bbc URL pictureproxy.php server-side request forgery

CVE-2024-30454 | VeronaLabs WP SMS Plugin up to 6.6.2 on WordPress cross-site request forgery

CVE-2024-4670 | All-in-One Video Gallery Plugin up to 3.6.5 on WordPress Shortcode aiovg_search_form file inclusion