CVE-2026-1179 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/user_popedom.jsp folderid sql injection

Inserito da Angelo Barbosa | Gen 19, 2026 | CVE

A vulnerability was found in Yonyou KSOA 9.0 and classified as critical. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection.

This vulnerability is reported as CVE-2026-1179. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1179 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/user_popedom.jsp folderid sql injection

Post correlati

CVE-2025-7561 | PHPGurukul Online Fire Reporting System 1.2 team-ontheway-requests.php teamid sql injection

CVE-2024-2427 | Rockwell Automation PowerFlex 527 Data Packet denial of service

CVE-2024-45519 | Zimbra Collaboration Suite postjournal Service improper authentication

CVE-2024-12466 | Proofreading Plugin up to 1.2.1.1 on WordPress cross site scripting