Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Yonyou — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting Yonyou. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Yonyou primarily develops enterprise resource planning and cloud-based management software for large organizations, facilitating complex business operations across finance, supply chain, and human resources. Security audits have identified twenty-seven recorded Common Vulnerabilities and Exposures (CVEs) associated with its product suite. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within its web interfaces. While no single catastrophic public breach has defined the vendor’s recent history, the cumulative nature of these vulnerabilities suggests systemic weaknesses in secure coding practices. The presence of multiple critical severity ratings indicates that attackers could potentially gain unauthorized administrative access or execute arbitrary commands on affected servers. Consequently, organizations relying on Yonyou’s infrastructure must prioritize regular patching and rigorous network segmentation to mitigate the risk of exploitation inherent in these documented security gaps.

Top products by Yonyou: KSOA UFIDA ERP-NC U8 Cloud YonBIP
CVE IDTitleCVSSSeverityPublished
CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1178 Yonyou KSOA HTTP GET Parameter select.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1177 Yonyou KSOA HTTP GET Parameter save_folder.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1133 Yonyou KSOA HTTP GET Parameter folder.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1132 Yonyou KSOA HTTP GET Parameter edit_folder.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1131 Yonyou KSOA HTTP GET Parameter save_catalog.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1130 Yonyou KSOA HTTP GET Parameter worksadd_plan.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1129 Yonyou KSOA HTTP GET Parameter worksadd.jsp sql injection — KSOACWE-89 7.3 High2026-01-19
CVE-2026-1124 Yonyou KSOA HTTP GET Parameter work_report.jsp sql injection — KSOACWE-89 7.3 High2026-01-18
CVE-2026-1123 Yonyou KSOA HTTP GET Parameter work_mod.jsp sql injection — KSOACWE-89 7.3 High2026-01-18
CVE-2026-1122 Yonyou KSOA HTTP GET Parameter work_info.jsp sql injection — KSOACWE-89 7.3 High2026-01-18
CVE-2026-1121 Yonyou KSOA HTTP GET Parameter del_workplan.jsp sql injection — KSOACWE-89 7.3 High2026-01-18
CVE-2026-1120 Yonyou KSOA HTTP GET Parameter del_work.jsp sql injection — KSOACWE-89 7.3 High2026-01-18
CVE-2025-15436 Yonyou KSOA work_edit.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-15435 Yonyou KSOA work_update.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-15434 Yonyou KSOA PrintZPYG.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-15425 Yonyou KSOA HTTP GET Parameter del_user.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-15424 Yonyou KSOA HTTP GET Parameter agent_worksdel.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-15421 Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-15420 Yonyou KSOA agent_work_report.jsp sql injection — KSOACWE-89 7.3 High2026-01-02
CVE-2025-14185 Yonyou U8 Cloud AppServletService.class sql injection — U8 CloudCWE-89 6.3 Medium2025-12-07
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload — U8 CloudCWE-434 6.3 Medium2025-10-28
CVE-2025-3562 Yonyou YonBIP userfile FileInputStream path traversal — YonBIPCWE-22 4.3 Medium2025-04-14
CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting — UFIDA ERP-NCCWE-79 4.3 Medium2025-03-24
CVE-2025-2711 Yonyou UFIDA ERP-NC systop.jsp cross site scripting — UFIDA ERP-NCCWE-79 4.3 Medium2025-03-24
CVE-2025-2710 Yonyou UFIDA ERP-NC menu.jsp cross site scripting — UFIDA ERP-NCCWE-79 4.3 Medium2025-03-24
CVE-2025-2709 Yonyou UFIDA ERP-NC login.jsp cross site scripting — UFIDA ERP-NCCWE-79 4.3 Medium2025-03-24

This page lists every published CVE security advisory associated with Yonyou. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.