CVE-2025-15435 | Yonyou KSOA 9.0 work_update.jsp Report sql injection

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection.

This vulnerability is handled as CVE-2025-15435. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15435 | Yonyou KSOA 9.0 work_update.jsp Report sql injection

Post correlati

CVE-2025-15426 | jackying H-ui.admin up to 3.1 preview.php unrestricted upload

CVE-2024-12274 | Appointment Booking Calendar Plugin and Scheduling Plugin Export Setting information disclosure

CVE-2013-10070 | PHP-Charts 1.0 GET Parameter wizard/url.php eval eval injection (EDB-24201)

CVE-2024-50164 | Linux Kernel up to 6.6.58/6.11.5 bpf check_mem_size_reg initialization (48068ccaea95/54bc31682660/8ea607330a39)