CVE-2026-1133
SQL Injection in Yonyou KSOA 9.0 HTTP GET Parameter Handler
Publication date: 2026-01-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yonyou | ksoa | 9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to unauthorized access to the database, leakage of sensitive data, data tampering, and potentially administrative control over the database server. Since no authentication is required, attackers can remotely execute arbitrary SQL commands, which may disrupt system availability, compromise data integrity, and expose confidential information. [1, 2, 3]
Can you explain this vulnerability to me?
CVE-2026-1133 is a SQL injection vulnerability in Yonyou KSOA version 9.0, specifically in the HTTP GET parameter 'folderid' of the /kmf/folder.jsp file. The application improperly handles this parameter by directly concatenating it into SQL queries without proper validation or parameterization, allowing remote attackers to inject arbitrary SQL commands without authentication. This flaw can be exploited remotely to manipulate the backend Microsoft SQL Server database, potentially compromising the system's confidentiality, integrity, and availability. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /kmf/folder.jsp endpoint with the folderid HTTP GET parameter for SQL injection. You can use tools like sqlmap targeting Microsoft SQL Server to automate detection. For example, running a command such as: sqlmap -u "http://target/kmf/folder.jsp?folderid=1" --dbms=mssql --technique=BEUSTQ can help identify the vulnerability. Additionally, manual testing can be done by injecting time-based payloads like ';WAITFOR DELAY '0:0:5'-- into the folderid parameter and observing response delays. Google dorking with the query inurl:kmf/folder.jsp can help identify vulnerable targets on your network or externally. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing parameterized queries (prepared statements) to prevent SQL injection by treating user input as data rather than executable code. Strict input validation should be applied to the folderid parameter, allowing only expected characters such as integers. Deploying a Web Application Firewall (WAF) can help detect and block SQL injection attempts. Additionally, disabling detailed database error messages on the frontend prevents information leakage. Since no vendor patch is available, consider replacing the affected product with an alternative solution. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows unauthorized remote SQL injection leading to potential unauthorized database access, data leakage, and data tampering, it could negatively affect compliance with data protection regulations that require safeguarding sensitive data and ensuring data integrity. Organizations using the affected software may face compliance risks if this vulnerability is exploited, as it compromises confidentiality, integrity, and availability of data. [1, 2, 3]