Submit #442943: http://www.datagear.tech/ datagear <=4.60 command execution
Title | http://www.datagear.tech/ datagear <=4.60 command execution |
---|---|
Description | datagear exists a freemaker template injected in the /dataSet/resolveSql route rendering sql statement |
Source | ⚠️ https:/ |
User | nn0nkey (UID 74287) |
Submission | 11/13/2024 01:38 AM (2 months ago) |
Moderation | 11/21/2024 07:52 AM (8 days later) |
Status | Accepted |
VulDB Entry | 285658 [DataGear up to 4.60 /dataSet/resolveSql sql sql injection] |
Points | 14 |