Submission #109292: Datagear JDBC deserialization vulnerability

Title: Datagear JDBC deserialization vulnerability
Description: DataGear is an open source and free data visualization and analysis platform, free to create any data dashboard you want, and supports access to various data sources such as SQL, CSV, Excel, HTTP interface, and JSON. In Datagear 4.5.1 and earlier, an attacker can achieve JDBC deserialization attacks by uploading a vulnerable version of the MySQL driver. After the upload is successful, an unauthenticated attacker can construct a malicious request to connect to a malicious JDBC server to trigger deserialization.
Source: https://github.com/yangyanglo/ForCVE/blob/main/2023-0x06.md
User: yangyanglo (UID 43465)
Submission: 02/04/2023 01:02 PM (3 years ago)
Moderation: 14/04/2023 08:39 AM (12 days later)
Status: Accepted
VulDB Entry: 225920 [DataGear up to 4.7.0/5.1.0 JDBC Server privilege escalation]
Points: 20