12 matches found
CVE-2026-1129
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now publi...
CVE-2026-1123
A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available an...
CVE-2026-1122
A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...
PT-2026-3390
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, manipulation of the ID argument in the /worksheet/work info.jsp file can lead to SQL injection. This issue is remotel...
CVE-2025-15424
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agentworksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...
Yonyou KSOA SQL注入漏洞
Yonyou KSOA is an enterprise management software from China's Yonyou Corporation. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which originates from incorrect manipulation of the parameter ID in the file /worksheet/agentworksadd.jsp, which could lead to a SQL injection attack...
EUVD-2025-35100
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting XSS in the worksheet.php file via the participantname parameter...
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting XSS in the worksheet.php file via the participantname parameter...
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting XSS in the worksheet.php file via the participantname parameter...
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting XSS in the worksheet.php file via the participantname parameter...
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting XSS in the worksheet.php file via the participantname parameter...
CVE-2025-60781
PHP Education Manager v1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in worksheet.php via the participant_name parameter. The root cause is an unvalidated/unsanitized input in worksheet.php that can be reflected in the web page. The documents do not provide details on affected env...