CVE-2026-1179 | Yonyou KSOA 9.0 HTTP GET Parameter /kmf/user_popedom.jsp folderid sql injection

A vulnerability was found in Yonyou KSOA 9.0 and classified as critical. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection.

This vulnerability is reported as CVE-2026-1179. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More