
CVE-2026-1133: SQL Injection in Yonyou KSOA

Severity: Medium
Published: Mon Jan 19 2026 (01/19/2026, 02:02:06 UTC)
Source: CVE Database V5
Vendor/Project: Yonyou
Product: KSOA

Description

CVE-2026-1133 is a medium severity SQL Injection vulnerability found in Yonyou KSOA version 9.0, specifically in the /kmf/folder.jsp file via the HTTP GET parameter 'folderid'. This flaw allows unauthenticated remote attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification. The vulnerability requires no user interaction and no privileges, making exploitation feasible over the network. Although the vendor has been contacted, no patch or response has been provided, and no known exploits are currently observed in the wild. The CVSS 4.0 score is 6.9, reflecting a moderate risk with limited confidentiality, integrity, and availability impact. European organizations using Yonyou KSOA 9.

AI-Powered Analysis

Last updated: 01/19/2026, 02:56:09 UTC

Technical Analysis

CVE-2026-1133 is a SQL Injection vulnerability identified in Yonyou KSOA version 9.0, business management software widely used in enterprise environments. The vulnerability exists in the HTTP GET parameter 'folderid' handled by the /kmf/folder.jsp component. An attacker can craft malicious input to this parameter, which is improperly sanitized, allowing arbitrary SQL commands to be injected and executed on the backend database. This can lead to unauthorized data retrieval, modification, or deletion, potentially compromising the confidentiality and integrity of sensitive business data. The vulnerability is exploitable remotely without authentication or user interaction, increasing the attack surface. The vendor has been notified but has not issued a patch or mitigation guidance, and no public exploits have been confirmed in the wild yet. The CVSS 4.0 base score of 6.9 reflects a medium severity, considering the ease of exploitation and the potential impact on data confidentiality, integrity, and availability. The lack of authentication and user interaction requirements makes this vulnerability particularly concerning for exposed deployments. Organizations relying on Yonyou KSOA 9.0 should urgently assess their exposure and implement compensating controls to mitigate risk until an official patch is available.

Potential Impact

For European organizations, exploitation of this SQL Injection vulnerability could result in unauthorized access to sensitive corporate data, including financial records, customer information, and internal business processes managed by Yonyou KSOA. This could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), financial losses, and reputational damage. The integrity of business data could be compromised, affecting decision-making and operational continuity. Availability impacts are possible if attackers execute destructive SQL commands or disrupt database operations. Given the remote and unauthenticated nature of the attack, organizations with internet-facing instances of Yonyou KSOA 9.0 are particularly vulnerable. The absence of vendor patches increases the risk window, necessitating immediate mitigation efforts. The threat is especially relevant for sectors such as manufacturing, finance, and government agencies in Europe that utilize Yonyou products for enterprise resource planning and operations management.

Mitigation Recommendations

1. Implement strict input validation and sanitization on all user-supplied parameters, especially 'folderid', to prevent malicious SQL payloads.
2. Deploy a Web Application Firewall (WAF) with custom rules to detect and block SQL Injection attempts targeting the vulnerable endpoint.
3. Restrict network access to the Yonyou KSOA application, limiting exposure to trusted internal networks or VPNs where possible.
4. Monitor application logs and database queries for unusual or suspicious activity indicative of SQL Injection attempts.
5. Conduct regular security assessments and penetration testing focused on injection flaws.
6. Engage with Yonyou support channels persistently to obtain official patches or guidance.
7. Consider temporary application-layer mitigations such as disabling or restricting access to the vulnerable /kmf/folder.jsp endpoint if feasible.
8. Maintain up-to-date backups of critical data to enable recovery in case of data corruption or loss.
9. Educate IT and security teams about the vulnerability and ensure incident response plans include scenarios involving SQL Injection attacks.
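The input-validation and log-monitoring recommendations above can be combined into one allowlist check, as in this added example (not Yonyou code and not from the advisory): it scans web-server access logs for requests to /kmf/folder.jsp whose 'folderid' value is not a bare integer, which is an assumed format since the advisory does not state what a legitimate folder id looks like. The log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic). The endpoint and
# parameter name come from the advisory; addresses and values are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Jan/2026:02:10:01 +0000] "GET /kmf/folder.jsp?folderid=1024 HTTP/1.1" 200 5120
203.0.113.11 - - [19/Jan/2026:02:10:05 +0000] "GET /kmf/folder.jsp?folderid=1024%27 HTTP/1.1" 500 311
203.0.113.12 - - [19/Jan/2026:02:10:09 +0000] "GET /kmf/folder.jsp?folderid=1%20OR%201%3D1 HTTP/1.1" 200 98211
203.0.113.13 - - [19/Jan/2026:02:10:12 +0000] "GET /kmf/other.jsp?folderid=abc HTTP/1.1" 200 120
"""

# Common log format: client address, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/kmf/folder.jsp"
VULN_PARAM = "folderid"
# Assumption: a legitimate folderid is a short bare integer. The advisory does
# not state the expected format, so adjust this pattern to the deployment.
ALLOWED_ID = re.compile(r"^[0-9]{1,10}$")


def folderid_is_valid(value):
    """Allowlist check on the already URL-decoded value: digits only.
    Quotes, spaces, SQL keywords and leftover '%' from double encoding
    (e.g. %2527 decodes to %27) all fail this test."""
    return bool(ALLOWED_ID.match(value))


def scan_log(text):
    """Return one finding per folderid value sent to the vulnerable endpoint
    that fails the allowlist. Requests to other paths are ignored."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, [])
        for value in values:
            if not folderid_is_valid(value):
                findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "status": m.group("status"), "folderid": value})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} folderid={f['folderid']!r}")
```

The same `folderid_is_valid` rule can be enforced at a WAF or reverse proxy in front of the endpoint; a 500 response paired with a rejected value, as in the second sample line, is worth escalating because it suggests the injected input reached the database layer.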


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-01-18T07:13:54.296Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 696d99ead302b072d92fe5e8

Added to database: 1/19/2026, 2:41:46 AM

Last enriched: 1/19/2026, 2:56:09 AM

Last updated: 1/19/2026, 5:02:05 AM

