CVE-2025-15425 | Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/del_user.jsp ID sql injection

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability classified as critical was found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation of the argument ID can lead to sql injection.

This vulnerability is handled as CVE-2025-15425. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15425 | Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/del_user.jsp ID sql injection

Post correlati

CVE-2024-4090 | loating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Plugin Setting cross site scripting

CVE-2023-26690 | CS-Cart MultiVendor 4.16.1 File Manager unrestricted upload

CVE-2025-7484 | PHPGurukul Vehicle Parking Management System 1.13 view-outgoingvehicle-detail.php viewid sql injection

CVE-2025-5327 | chshcms mccms 2.7 Gf.php index pic server-side request forgery