用友时空KSOA v9.0 SQL注入漏洞分析

关键信息 Title: Yonyou KSOA v9.0 SQL Injection Description: - SQL injection vulnerability exists in Yonyou Space-Time KSOA Platform v9.0. - Vulnerability located in file. - Application accepts untrusted input via HTTP GET parameter. - Direct concatenation into backend SQL query without proper validation. - Allows unauthenticated remote attacker to inject malicious SQL commands. - Potential risks: data leakage, unauthorized database access, server manipulation. - Backend database is Microsoft SQL Server. Source: https://github.com/LX-66-LX/cve/issues/12 User: LX-66-LX (UID 92717) Submission Date: 01/08/2026 04:10 PM Moderation Date: 01/18/2026 08:14 AM Status: Accepted VulDB Entry: 341720 [Yonyou KSOA 9.0 HTTP GET Parameter worksadd_plan.jsp ID sql injection] Points: 20

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

用友时空KSOA v9.0 SQL注入漏洞分析

目标达成感谢每一位支持者 — 我们达成了 100% 目标！