Submit #442943: http://www.datagear.tech/ datagear <=4.60 command executioninfo

Titlehttp://www.datagear.tech/ datagear <=4.60 command execution
Descriptiondatagear exists a freemaker template injected in the /dataSet/resolveSql route rendering sql statement
Source⚠️ https://github.com/nn0nkey/nn0nkey/blob/main/Datagear/freemaker.md
User
 nn0nkey (UID 74287)
Submission11/13/2024 01:38 AM (2 months ago)
Moderation11/21/2024 07:52 AM (8 days later)
StatusAccepted
VulDB Entry285658 [DataGear up to 4.60 /dataSet/resolveSql sql sql injection]
Points14

Might our Artificial Intelligence support you?

Check our Alexa App!