Submit #274595: OpenBi OpenBi <=1.0.8 Arbitrary File Read

Title: OpenBi OpenBi <=1.0.8 Arbitrary File Read
Description: The OpenBI software, version 1.0.8 and earlier, is susceptible to an Arbitrary File Read vulnerability. This vulnerability arises from the '/application/index/controller/Databasesource.php' file, where a function 'testConnection' allows pre-authentication visitors to test a connection to a database with provided parameters. Exploiting this vulnerability, an attacker could set up a rogue MySQL server and send a request to connect to it. Consequently, this could potentially enable the attacker to read sensitive files, such as '/etc/passwd', thus compromising the security of the system.
Source: https://note.zhaoj.in/share/6ISYe2urjlkI
User: glzjin (UID 59815)
Submission: 29/01/2024 09:35 (2 years ago)
Moderation: 29/01/2024 15:09 (6 hours later)
Status: Accepted
VulDB Entry: 252307 [openBI up to 1.0.8 Test Connection Databasesource.php testConnection privilege escalation]
Points: 20
