Soumettre #800865: YunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injectioninformation

TitreYunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injection
DescriptionA critical SQL injection vulnerability exists in yudao-cloud `GoViewDataServiceImpl.java`. The vulnerability allows authenticated users with the `report:go-view-data:get-by-sql` permission to execute arbitrary SQL queries, potentially leading to unauthorized data access, data manipulation, and database compromise. The `getDataBySQL` method directly executes user-provided SQL statements without any parameterization or input validation, allowing attackers to inject malicious SQL code.
La source⚠️ https://github.com/9str0IL/CVE/issues/2
Utilisateur
 9str0il (UID 97218)
Soumission09/04/2026 10:59 (il y a 2 mois)
Modérer02/05/2026 10:39 (23 days later)
StatutAccepté
Entrée VulDB360831 [YunaiV yudao-cloud jusqu’à 2026.01 GoViewDataServiceImpl.java getDataBySQL injection SQL]
Points20

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!