CVE-2025-15435
SQL Injection in Yonyou KSOA 9.0 /worksheet/work_update.jsp
Publication date: 2026-01-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yonyou | ksoa | 1.0 |
| yonyou | ksoa | 9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL injection flaw in Yonyou KSOA version 9.0, specifically in the /worksheet/work_update.jsp file. It occurs because the application does not properly sanitize or validate the 'Report' parameter before using it in SQL queries. Attackers can exploit this remotely without authentication by injecting malicious SQL code, which allows unauthorized manipulation of the database. [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to unauthorized database access, leakage of sensitive data, data tampering, full system control, and potential service disruption. It compromises the confidentiality, integrity, and availability of the affected system, posing severe threats to system security and business continuity. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable parameter 'Report' in the URL /worksheet/work_update.jsp for SQL injection. One method is to use sqlmap with a command like: python sqlmap.py --random-agent --batch -u "http://<target>/worksheet/work_update.jsp?Report=12211" --current-db. Additionally, Google dorking with the query inurl:worksheet/work_update.jsp can help find vulnerable instances. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include using prepared statements and parameter binding to prevent SQL injection, implementing strict input validation and filtering on the 'Report' parameter, minimizing database user permissions to avoid high-privilege accounts for routine operations, and conducting regular security audits. Since no patches or vendor responses are available, replacing the affected product or disabling the vulnerable functionality may also be necessary. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access, data leakage, and manipulation of the database, which compromises confidentiality, integrity, and availability of sensitive information. Such impacts can lead to non-compliance with common standards and regulations like GDPR and HIPAA that require protection of personal and sensitive data. The lack of vendor response and absence of mitigation increase the risk of data breaches, potentially resulting in regulatory violations. [2, 3]