top of page
perceptive_background_267k.jpg

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Paramete…

Published:

18 januari 2026 om 23:00:00

Alert date:

19 januari 2026 om 02:01:20

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications, Web Technologies

A SQL injection vulnerability has been discovered in Yonyou KSOA 9.0, specifically affecting the /worksheet/worksadd_plan.jsp file through the HTTP GET Parameter Handler. The flaw allows remote attackers to manipulate the ID argument to execute SQL injection attacks. An exploit has been publicly published, making this vulnerability actively exploitable. The vendor was contacted about the disclosure but has not responded, leaving users vulnerable to potential attacks.

Technical details

Mitigation steps:

Affected products:

Yonyou KSOA 9.0

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-1130
https://github.com/LX-66-LX/cve/issues/12
https://vuldb.com/?ctiid.341720
https://vuldb.com/?id.341720
https://vuldb.com/?submit.734565

Related CVE's:

Related threat actors:

IOC's:

/worksheet/worksadd_plan.jsp

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page