Submit #109292: Datagear JDBC deserialization vulnerability

Title: Datagear JDBC deserialization vulnerability
Description: DataGear is an open source and free data visualization and analysis platform, free to create any data dashboard you want, and supports access to various data sources such as SQL, CSV, Excel, HTTP interface, and JSON. In Datagear 4.5.1 and earlier, an attacker can achieve JDBC deserialization attacks by uploading a vulnerable version of the MySQL driver. After the upload is successful, an unauthenticated attacker can construct a malicious request to connect to a malicious JDBC server to trigger deserialization.
Source: ⚠️ https://github.com/yangyanglo/ForCVE/blob/main/2023-0x06.md
User: yangyanglo (UID 43465)
Submission: 02/04/2023 13:02 (3 years ago)
Moderation: 14/04/2023 08:39 (12 days later)
Status: Accepted
VulDB Entry: 225920 [DataGear up to 4.7.0/5.1.0 JDBC Server Privilege Escalation]
Points: 20
