| タイトル | Datagear JDBC deserialization vulnerability |
|---|
| 説明 | DataGear is an open source and free data visualization and analysis platform, free to create any data dashboard you want, and supports access to various data sources such as SQL, CSV, Excel, HTTP interface, and JSON. In Datagear 4.5.1 and earlier, an attacker can achieve jdbc deserialization attacks by uploading a vulnerable version of the mysql driver. After the upload is successful, an unauthenticated attacker can construct a malicious request to connect to a malicious JDBC server to trigger deserialization. |
|---|
| ソース | ⚠️ https://github.com/yangyanglo/ForCVE/blob/main/2023-0x06.md |
|---|
| ユーザー | yangyanglo (UID 43465) |
|---|
| 送信 | 2023年04月02日 13:02 (3 年 ago) |
|---|
| モデレーション | 2023年04月14日 08:39 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 225920 [DataGear 迄 4.7.0/5.1.0 JDBC Server 特権昇格] |
|---|
| ポイント | 20 |
|---|