Submit #628028: https://qiaoqiaoyun.com/ jeecgboot/jimureport 2.1.1 PostgreSQL JDBC RCE

Title: https://qiaoqiaoyun.com/ jeecgboot/jimureport 2.1.1 PostgreSQL JDBC RCE
Description: In the data large screen template of the JiMu Report BI large screen workbench, the /drag/onlDragDataSource/testConnection interface can be called by testing the data source configuration when adding a data source in the design. The backend does not impose any restrictions, so an attacker can construct special connection parameters when connecting to the PostgreSQL database, ultimately leading to RCE.
Source: ⚠️ https://github.com/jeecgboot/jimureport/issues/4010
User: jmx0hxq (UID 63891)
Submission: 2025-08-04 04:29 (9 months ago)
Moderation: 2025-08-13 18:07 (10 days later)
Status: Accepted
VulDB entry: 319958 [jeecgboot JimuReport up to 2.1.1 Data Large Screen Template testConnection privilege escalation]
Points: 19
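
A server-side check of the kind the description says is missing, as an added example (not JimuReport's code and not taken from the linked issue): before any test connection is attempted, the submitted PostgreSQL JDBC URL is rejected unless its host is on an allowlist and every connection parameter is on a short list of benign ones. The class name, the allowed host and the chosen parameter list are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/** Hypothetical validator for user-supplied data source URLs; not part of JimuReport. */
public final class PgJdbcUrlValidator {
    private static final String PREFIX = "jdbc:postgresql://";
    // Assumption: the only database host this deployment needs to reach.
    private static final Set<String> ALLOWED_HOSTS = Set.of("db.internal.example");
    // Assumption: an allowlist of pgjdbc properties that take plain values only.
    private static final Set<String> ALLOWED_PARAMS =
            Set.of("ssl", "sslmode", "currentSchema", "ApplicationName", "connectTimeout");

    public static boolean isAllowed(String jdbcUrl) {
        if (jdbcUrl == null || !jdbcUrl.startsWith(PREFIX)) return false;
        // Multi-host lists and fragments are refused so this parser and the
        // driver cannot disagree about where the parameters start.
        if (jdbcUrl.indexOf(',') >= 0 || jdbcUrl.indexOf('#') >= 0) return false;
        URI uri;
        try {
            uri = new URI("postgresql://" + jdbcUrl.substring(PREFIX.length()));
        } catch (URISyntaxException e) {
            return false;
        }
        String host = uri.getHost();
        // Credentials embedded in the URL are refused; the host must match exactly.
        if (host == null || uri.getRawUserInfo() != null || !ALLOWED_HOSTS.contains(host))
            return false;
        String query = uri.getRawQuery();
        if (query == null || query.isEmpty()) return true;
        for (String pair : query.split("&")) {
            String name = pair.split("=", 2)[0];
            // Percent-encoded names are refused rather than decoded, again to
            // avoid a difference between this check and the driver.
            if (name.indexOf('%') >= 0 || !ALLOWED_PARAMS.contains(name)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed sample inputs
            "jdbc:postgresql://db.internal.example:5432/reports?sslmode=require",
            "jdbc:postgresql://db.internal.example:5432/reports?unlistedOption=x",
            "jdbc:postgresql://other.example:5432/reports",
        };
        for (String s : samples) System.out.println(isAllowed(s) + "  " + s);
    }
}
```

The same check belongs wherever a saved data source is later opened, not only on the test-connection endpoint.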
