제출 #800865: YunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injection정보

제목YunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injection
설명A critical SQL injection vulnerability exists in yudao-cloud `GoViewDataServiceImpl.java`. The vulnerability allows authenticated users with the `report:go-view-data:get-by-sql` permission to execute arbitrary SQL queries, potentially leading to unauthorized data access, data manipulation, and database compromise. The `getDataBySQL` method directly executes user-provided SQL statements without any parameterization or input validation, allowing attackers to inject malicious SQL code.
원천⚠️ https://github.com/9str0IL/CVE/issues/2
사용자
 9str0il (UID 97218)
제출2026. 04. 09. AM 10:59 (2 개월 ago)
모더레이션2026. 05. 02. AM 10:39 (23 days later)
상태수락
VulDB 항목360831 [YunaiV yudao-cloud 까지 2026.01 GoViewDataServiceImpl.java getDataBySQL SQL 주입]
포인트들20

이전개요다음

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!