CVE-2026-1121 identifies a SQL injection vulnerability in Yonyou KSOA 9.0, specifically within the /worksheet/del_workplan.jsp component. The vulnerability arises from improper sanitization of the 'ID' parameter in HTTP GET requests, allowing attackers to inject malicious SQL queries. This injection flaw can be exploited remotely without requiring authentication or user interaction, making it accessible to a wide range of threat actors. The vulnerability affects the confidentiality, integrity, and availability of the underlying database and application data. The vendor was notified but has not issued a patch or response, and public exploit code has been released, increasing the likelihood of exploitation. The CVSS v4.0 score is 6.9 (medium severity), reflecting the ease of exploitation and potential impact. The absence of authentication and user interaction requirements combined with the ability to manipulate backend SQL queries makes this a significant risk for organizations relying on Yonyou KSOA 9.0 for business operations.

Exploitation of this SQL injection vulnerability can lead to unauthorized disclosure of sensitive data, data manipulation, or deletion within the affected Yonyou KSOA systems. Attackers could extract confidential business information, modify workplan data, or disrupt service availability. Given the remote and unauthenticated nature of the exploit, attackers can operate stealthily and at scale, potentially compromising multiple organizational assets. This can result in financial losses, reputational damage, regulatory penalties, and operational disruptions. Organizations with critical workflows managed by Yonyou KSOA 9.0 are particularly at risk, especially if the application interfaces with sensitive or regulated data. The lack of vendor response and patch availability further exacerbates the threat landscape, increasing exposure time.

Organizations should immediately implement the following mitigations: 1) Employ Web Application Firewalls (WAFs) with custom rules to detect and block malicious SQL injection payloads targeting the 'ID' parameter in /worksheet/del_workplan.jsp requests. 2) Restrict direct internet access to the affected application components by using network segmentation and access controls to limit exposure. 3) Conduct thorough input validation and sanitization on all user-supplied parameters, especially the 'ID' parameter, to prevent injection attacks. 4) Monitor application logs and network traffic for unusual query patterns or repeated access attempts to the vulnerable endpoint. 5) If possible, disable or restrict the vulnerable functionality until a vendor patch or official fix is available. 6) Engage with Yonyou support channels persistently to obtain official remediation guidance or patches. 7) Consider deploying database-level protections such as least privilege accounts and query parameterization to reduce injection impact. 8) Prepare incident response plans to quickly address potential exploitation events.