CNNVD-202601-766 Information

CNNVD ID

CNNVD-202601-766

Related CVE

CVE-2025-15425

• CNNVD Published: 2026-01-02

Description (Chinese)

Yonyou KSOA是中国用友（Yonyou）公司的一个企业级管理软件。 Yonyou KSOA 9.0版本存在SQL注入漏洞，该漏洞源于对文件/worksheet/del_user.jsp中参数ID的错误操作，可能导致SQL注入攻击。

Description (English)

Yonyou KSOA is an enterprise-level management software for Yonyou. Yonyou KSOA 9.0 has an injection loophole in SQL, which stems from the wrong operation of parameter ID in document/worksheet/del user.jsp, which could lead to an attack on SQL injection.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

用友

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/master-abc/cve/blob/main/Yonyou%20Space-Time%20Enterprise%20Information%20Integration%20KSOA%20Platform%20worksheet%20del_user.jsp%20SQL%20injection.md#vulnerability-details-and-poc https://vuldb.com/?ctiid.339347 https://vuldb.com/?submit.734567 https://vuldb.com/?id.339347 https://vuldb.com/?submit.721352 https://access.redhat.com/security/cve/cve-2025-15425