| 제목 | https://github.com/WeiYe-Jing/ https://github.com/WeiYe-Jing/datax-web 2.1.1 OS Command Injection |
|---|
| 설명 | Remote Code Execution (RCE) refers to an attack where an attacker can execute arbitrary code on a remote computer, thereby gaining control over and compromising the target system. The attacker can execute this code without any user interaction, allowing them to infiltrate the target system and perform a wide range of malicious activities. These activities may include stealing sensitive information, altering data, spreading viruses or malware, and other harmful actions.
The `glueSource` parameter of the /api/job/add/ endpoint is vulnerable to Remote Code Execution (RCE). |
|---|
| 원천 | ⚠️ https://github.com/jxp98/VulResearch/blob/main/2024/12/1.Datax-Web%20-%20Remote%20Code%20Execution.md |
|---|
| 사용자 | jxp. (UID 64049) |
|---|
| 제출 | 2024. 12. 06. AM 10:23 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 12. 08. PM 09:40 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 287277 [WeiYe-Jing datax-web 2.1.1 /api/job/add/ glueSource 권한 상승] |
|---|
| 포인트들 | 20 |
|---|