CVE-2026-1123 is a SQL injection vulnerability identified in Yonyou KSOA version 9.0, specifically within the HTTP GET parameter handler of the /worksheet/work_mod.jsp component. The vulnerability arises from improper sanitization or validation of the 'ID' parameter, which allows an attacker to inject malicious SQL statements. This injection flaw can be exploited remotely without requiring authentication or user interaction, increasing the attack surface significantly. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity, with an exploitability rating of 'Proof-of-Concept' (E:P). The impact vector includes partial compromise of confidentiality, integrity, and availability, as attackers could potentially extract sensitive data, modify database contents, or disrupt service operations. The vendor, Yonyou, was contacted early but has not provided any response or patch, leaving systems exposed. The exploit code is publicly available, which raises the risk of exploitation by threat actors. No known active exploitation has been reported yet. The lack of vendor response and patch availability necessitates immediate attention from organizations using this software to implement compensating controls and monitor for suspicious activity.

The SQL injection vulnerability in Yonyou KSOA 9.0 can lead to unauthorized disclosure of sensitive information, data manipulation, and potential denial of service. Attackers exploiting this flaw could access confidential business data, alter records, or disrupt application functionality, impacting operational continuity. Since the vulnerability requires no authentication and can be exploited remotely, it poses a significant risk to organizations relying on this software for critical business processes. The absence of vendor patches increases the likelihood of exploitation attempts, especially given the public availability of exploit code. Organizations may face regulatory compliance issues and reputational damage if breaches occur. The impact is particularly severe for enterprises with sensitive financial, operational, or personal data managed through Yonyou KSOA.

Given the lack of an official patch from Yonyou, organizations should implement immediate compensating controls. These include deploying web application firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the 'ID' parameter in /worksheet/work_mod.jsp. Conduct thorough input validation and sanitization at the application level if source code access is available. Restrict network access to the affected application to trusted IPs where feasible. Monitor application logs and network traffic for unusual queries or injection patterns. Consider isolating the affected system within the network to limit lateral movement. Engage with Yonyou support channels regularly for updates on patches or advisories. Additionally, plan for an application update or migration to a patched version once available. Conduct regular security assessments and penetration testing focused on injection flaws to detect similar vulnerabilities proactively.