CVE-2026-1178 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/select.jsp folderid sql injection

Inserito da Angelo Barbosa | Gen 19, 2026 | CVE

A vulnerability has been found in Yonyou KSOA 9.0 and classified as critical. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection.

This vulnerability is documented as CVE-2026-1178. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1178 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/select.jsp folderid sql injection

Post correlati

CVE-2024-51246 | Draytek Vigor 3900 1.5.1.3 mainfunction.cgi doPPTP command injection

CVE-2025-2032 | ChestnutCMS 1.5.2 /cms/file/rename renameFile path traversal

CVE-2023-46950 | Contribsys Sidekiq 6.5.8 URL filter cross site scripting

CVE-2025-21102 | Dell VxRail HCI up to 7.0.532 credentials storage (dsa-2025-027)