CVE-2026-1122 | Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/work_info.jsp ID sql injection

Inserito da Angelo Barbosa | Gen 17, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection.

This vulnerability appears as CVE-2026-1122. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1122 | Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/work_info.jsp ID sql injection

Post correlati

CVE-2025-62511 | zheny-creator YtGrabber-TUI up to 1.0.0 on Linux Setting config.json load_json_settings toctou (GHSA-hwwf-fq6p-rw9q)

CVE-2025-7560 | PHPGurukul Online Fire Reporting System 1.2 workin-progress-requests.php teamid sql injection

CVE-2025-31207 | Apple iOS/iPadOS up to 18.4 information disclosure

CVE-2024-42266 | Linux Kernel up to 6.10.3 fs/btrfs/subpage.c cow_file_range_inline return value (061e41581606/478574370bef)