cbcvebase.

Yonyou Ksoa vulnerabilities

20 known vulnerabilities affecting yonyou/ksoa.

Total CVEs
20
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL20

Vulnerabilities

Page 1 of 1
CVE-2025-15436P2CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15436 [CRITICAL] CWE-74 CVE-2025-15436: A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functional A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this di
nvd
CVE-2026-1178P2CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1178 [CRITICAL] CWE-74 CVE-2026-1178: A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknow A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Th
nvd
CVE-2025-15434P2CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15434 [CRITICAL] CWE-74 CVE-2025-15434: A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/Pri A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way
nvd
CVE-2026-1132P2CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1132 [CRITICAL] CWE-74 CVE-2026-1132: A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the fil A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was co
nvd
CVE-2026-1131P2CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1131 [CRITICAL] CWE-74 CVE-2026-1131: A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/ A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was
nvd
CVE-2026-1120P2CRITICALCVSS 9.8v9.02026-01-18
CVE-2026-1120 [CRITICAL] CWE-74 CVE-2026-1120: A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of th A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was c
nvd
CVE-2025-15420P3CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15420 [CRITICAL] CWE-74 CVE-2025-15420: A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the f A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but
nvd
CVE-2026-1179P3CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1179 [CRITICAL] CWE-74 CVE-2026-1179: A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_ A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this discl
nvd
CVE-2026-1177P3CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1177 [CRITICAL] CWE-74 CVE-2026-1177: A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown func A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to th
nvd
CVE-2025-15435P3CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15435 [CRITICAL] CWE-74 CVE-2025-15435: A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did
nvd
CVE-2026-1130P3CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1130 [CRITICAL] CWE-74 CVE-2026-1130: A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /wo A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted e
nvd
CVE-2026-1123P3CRITICALCVSS 9.8v9.02026-01-18
CVE-2026-1123 [CRITICAL] CWE-74 CVE-2026-1123: A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /work A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about
nvd
CVE-2026-1133P3CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1133 [CRITICAL] CWE-74 CVE-2026-1133: A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of th A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendo
nvd
CVE-2026-1129P3CRITICALCVSS 9.8v9.02026-01-19
CVE-2026-1129 [CRITICAL] CWE-74 CVE-2026-1129: A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about
nvd
CVE-2026-1121P3CRITICALCVSS 9.8v9.02026-01-18
CVE-2026-1121 [CRITICAL] CWE-74 CVE-2026-1121: A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /workshee A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about
nvd
CVE-2026-1122P3CRITICALCVSS 9.8v9.02026-01-18
CVE-2026-1122 [CRITICAL] CWE-74 CVE-2026-1122: A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /wor A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted ear
nvd
CVE-2025-15421P3CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15421 [CRITICAL] CWE-74 CVE-2025-15421: A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early a
nvd
CVE-2025-15425P3CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15425 [CRITICAL] CWE-74 CVE-2025-15425: A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of th A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The v
nvd
CVE-2025-15424P3CRITICALCVSS 9.8v9.02026-01-02
CVE-2025-15424 [CRITICAL] CWE-74 CVE-2025-15424: A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the fil A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The
nvd
CVE-2026-1124P3CRITICALCVSS 9.8v9.02026-01-18
CVE-2026-1124 [CRITICAL] CWE-74 CVE-2026-1124: A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to th
nvd
Yonyou Ksoa vulnerabilities | cvebase