{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5147/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-5147","sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA security flaw, identified as CVE-2026-5147, has been discovered in YunaiV yudao-cloud software, specifically versions up to 2026.01. The vulnerability resides in the \u003ccode\u003e/admin-api/system/tenant/get-by-website\u003c/code\u003e endpoint, where manipulation of the \u003ccode\u003eWebsite\u003c/code\u003e argument can lead to SQL injection. This allows for potential remote exploitation without requiring authentication. The vulnerability was reported to the vendor, but no response or patch has been provided. Publicly available exploit code…\u003c/p\u003e\n","date_modified":"2026-03-30T19:16:27Z","date_published":"2026-03-30T19:16:27Z","id":"/briefs/2026-03-yudao-sql-injection/","summary":"A remote SQL injection vulnerability (CVE-2026-5147) exists in YunaiV yudao-cloud up to version 2026.01 via the Website argument in the /admin-api/system/tenant/get-by-website endpoint, allowing unauthenticated attackers to potentially execute arbitrary SQL queries.","title":"YunaiV yudao-cloud SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-yudao-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5147","version":"https://jsonfeed.org/version/1.1"}