CVE-2025-15421

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0

Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, the manipulation of the ID parameter in the /worksheet/agent worksadd.jsp file can lead to SQL injection. This issue is remotely exploitable. The exploit is publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.