关键漏洞信息 Title: Yonyou KSOA v9.0 SQL Injection Description: - A SQL injection vulnerability in the file of Yonyou Space-Time KSOA Platform v9.0. - Untrusted input via the HTTP GET parameter is directly concatenated into a backend SQL query without proper validation or parameterization. - This allows an unauthenticated remote attacker to inject malicious SQL commands, potentially leading to data leakage, unauthorized database access, or server manipulation. - The backend database is Microsoft SQL Server. Source: https://github.com/LX-66-LX/cve/issues/11 User: LX-66-LX (UID 92717) Submission Date: 01/08/2026 04:03 PM Moderation Date: 01/18/2026 08:14 AM Status: Accepted VulDB Entry: 341719 Points: 20