Submeter #800865: YunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injectioninformação

TítuloYunaiV yudao-cloud yudao-cloud up to 2026.01 SQL Injection
DescriçãoA critical SQL injection vulnerability exists in yudao-cloud `GoViewDataServiceImpl.java`. The vulnerability allows authenticated users with the `report:go-view-data:get-by-sql` permission to execute arbitrary SQL queries, potentially leading to unauthorized data access, data manipulation, and database compromise. The `getDataBySQL` method directly executes user-provided SQL statements without any parameterization or input validation, allowing attackers to inject malicious SQL code.
Fonte⚠️ https://github.com/9str0IL/CVE/issues/2
Utilizador
 9str0il (UID 97218)
Submissão09/04/2026 10h59 (há 2 meses)
Moderação02/05/2026 10h39 (23 days later)
EstadoAceite
Entrada VulDB360831 [YunaiV yudao-cloud até 2026.01 GoViewDataServiceImpl.java getDataBySQL Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!