Enviar #800865: YunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injectioninformación

TítuloYunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injection
DescripciónA critical SQL injection vulnerability exists in yudao-cloud `GoViewDataServiceImpl.java`. The vulnerability allows authenticated users with the `report:go-view-data:get-by-sql` permission to execute arbitrary SQL queries, potentially leading to unauthorized data access, data manipulation, and database compromise. The `getDataBySQL` method directly executes user-provided SQL statements without any parameterization or input validation, allowing attackers to inject malicious SQL code.
Fuente⚠️ https://github.com/9str0IL/CVE/issues/2
Usuario
 9str0il (UID 97218)
Sumisión2026-04-09 10:59 (hace 2 meses)
Moderación2026-05-02 10:39 (23 days later)
EstadoAceptado
Entrada de VulDB360831 [YunaiV yudao-cloud hasta 2026.01 GoViewDataServiceImpl.java getDataBySQL inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!