Ksoa
Monthly
SQL injection in Yonyou KSOA 9.0's /kmf/user_popedom.jsp endpoint allows unauthenticated remote attackers to manipulate the folderid parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires no user interaction and can result in unauthorized data access, modification, or system disruption.
SQL injection in Yonyou KSOA 9.0 via the folderid parameter in /kmf/select.jsp allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive data. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.
SQL injection in Yonyou KSOA 9.0 via the folderid parameter in /kmf/save_folder.jsp allows unauthenticated remote attackers to manipulate database queries and potentially access, modify, or delete sensitive data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available from the vendor.
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the folderid parameter in /kmf/folder.jsp HTTP requests, potentially leading to unauthorized data access or modification. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response despite early notification.
SQL injection in Yonyou KSOA 9.0 via the folderid parameter in /kmf/edit_folder.jsp allows unauthenticated remote attackers to execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification.
SQL injection in Yonyou KSOA 9.0's /kmc/save_catalog.jsp endpoint allows unauthenticated remote attackers to manipulate the catalogid parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling potential data exfiltration and unauthorized database modification.
Unauthenticated SQL injection in Yonyou KSOA 9.0 via the ID parameter in the /worksheet/worksadd_plan.jsp endpoint allows remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no authentication or user interaction and can be exploited over the network.
SQL injection in Yonyou KSOA 9.0's /worksheet/worksadd.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification. The attack requires no user interaction and could enable unauthorized data access, modification, or deletion.
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /worksheet/work_report.jsp endpoint, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.
SQL injection in Yonyou KSOA 9.0's /worksheet/work_mod.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to disclosure. The attack requires no user interaction and could enable unauthorized data access or modification.
Yonyou KSOA 9.0 contains a SQL injection vulnerability in the /worksheet/work_info.jsp endpoint via an unsanitized ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires no user interaction and can result in unauthorized data access, modification, or denial of service.
SQL injection in Yonyou KSOA 9.0's /worksheet/del_workplan.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /worksheet/del_work.jsp endpoint, potentially enabling unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. [CVSS 7.3 HIGH]
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. [CVSS 7.3 HIGH]
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. [CVSS 7.3 HIGH]
SQL injection in Yonyou KSOA 9.0's /kmf/user_popedom.jsp endpoint allows unauthenticated remote attackers to manipulate the folderid parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires no user interaction and can result in unauthorized data access, modification, or system disruption.
SQL injection in Yonyou KSOA 9.0 via the folderid parameter in /kmf/select.jsp allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive data. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.
SQL injection in Yonyou KSOA 9.0 via the folderid parameter in /kmf/save_folder.jsp allows unauthenticated remote attackers to manipulate database queries and potentially access, modify, or delete sensitive data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available from the vendor.
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the folderid parameter in /kmf/folder.jsp HTTP requests, potentially leading to unauthorized data access or modification. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response despite early notification.
SQL injection in Yonyou KSOA 9.0 via the folderid parameter in /kmf/edit_folder.jsp allows unauthenticated remote attackers to execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification.
SQL injection in Yonyou KSOA 9.0's /kmc/save_catalog.jsp endpoint allows unauthenticated remote attackers to manipulate the catalogid parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling potential data exfiltration and unauthorized database modification.
Unauthenticated SQL injection in Yonyou KSOA 9.0 via the ID parameter in the /worksheet/worksadd_plan.jsp endpoint allows remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no authentication or user interaction and can be exploited over the network.
SQL injection in Yonyou KSOA 9.0's /worksheet/worksadd.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification. The attack requires no user interaction and could enable unauthorized data access, modification, or deletion.
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /worksheet/work_report.jsp endpoint, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.
SQL injection in Yonyou KSOA 9.0's /worksheet/work_mod.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to disclosure. The attack requires no user interaction and could enable unauthorized data access or modification.
Yonyou KSOA 9.0 contains a SQL injection vulnerability in the /worksheet/work_info.jsp endpoint via an unsanitized ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires no user interaction and can result in unauthorized data access, modification, or denial of service.
SQL injection in Yonyou KSOA 9.0's /worksheet/del_workplan.jsp endpoint allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
SQL injection in Yonyou KSOA 9.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /worksheet/del_work.jsp endpoint, potentially enabling unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. [CVSS 7.3 HIGH]
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. [CVSS 7.3 HIGH]
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. [CVSS 7.3 HIGH]