CVE-2026-1123 | Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/work_mod.jsp ID sql injection

Inserito da Angelo Barbosa | Gen 17, 2026 | CVE

A vulnerability, which was classified as critical, was found in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection.

This vulnerability is traded as CVE-2026-1123. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1123 | Yonyou KSOA 9.0 HTTP GET Parameter /worksheet/work_mod.jsp ID sql injection

Post correlati

CVE-2024-35968 | Linux Kernel up to 6.8.6 pds_core pci_reset_function deadlock (38407914d482/81665adf25d2)

CVE-2024-0256 | cifi Starbox Plugin up to 3.4.8 on WordPress Profile Display Name/Social Settings cross site scripting (ID 3029599)

CVE-2025-13786 | taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 /index.php fetch content code injection

CVE-2024-6059 | Ingenico Estate Manager 2023 News Feed /emgui/rest/ums/messages message cross site scripting