CVE-2026-1177 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/save_folder.jsp folderid sql injection

A vulnerability, which was classified as critical, was found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection.

This vulnerability is registered as CVE-2026-1177. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1177 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/save_folder.jsp folderid sql injection

Post correlati

CVE-2024-37300 | jupyterhub oauthenticator up to 16.3.0 authorization (GHSA-gprj-3p75-f996)

CVE-2024-2571 | SourceCodester Employee Task Management System 1.0 /manage-admin.php redirect

CVE-2024-56085 | Logpoint up to 7.4.x Search Template Dashboard injection

CVE-2024-49628 | WhileTrue Most and Least Read Posts Widget Plugin up to 2.5.18 on WordPress cross-site request forgery