| Titre | 广州华壹智能科技有限公司 JeeWMS latest RCE |
|---|
| Description | JEEWMS exposes the JimuReport test-connection endpoint at /base-boot/jmreport/testConnection without authentication. The endpoint accepts attacker-controlled JDBC connection parameters and attempts to create a database connection using the supplied driver and URL. In affected environments, this can be abused to trigger arbitrary class instantiation through the PostgreSQL JDBC socketFactory mechanism and may lead to remote code execution. |
|---|
| La source | ⚠️ https://github.com/0d000721999/evc1/issues/1 |
|---|
| Utilisateur | 0d00 (UID 98238) |
|---|
| Soumission | 13/05/2026 17:31 (il y a 26 jours) |
|---|
| Modérer | 06/06/2026 18:02 (24 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 369076 [erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection dbType/dbDriver/dbUrl/dbUsername/dbPassword élévation de privilèges] |
|---|
| Points | 20 |
|---|