Title: Yonyou KS0A v9.0 SQL Injection Description: - A SQL injection vulnerability exists in the Yonyou Space-Time KS0A Platform v9.0. - The vulnerability is located in the file. - The application accepts untrusted input via the HTTP GET parameter and directly concatenates it into a backend SQL query without proper validation or parameterization. - This allows an unauthenticated remote attacker to inject malicious SQL commands, leading to potential data leakage, unauthorized database access, or server manipulation. - The backend database appears to be Microsoft SQL Server. Source: https://github.com/LX-66-LX/cve/issues/13 User: LX-66-LX (UID 92717) Submission Date: 01/08/2026 04:15 PM Moderation Date: 01/18/2026 08:14 AM Status: Accepted VulDB Entry: 341721 Points: 20