Submeter #828509: 广州华壹智能科技有限公司 JeeWMS latest RCEinformação

Título广州华壹智能科技有限公司 JeeWMS latest RCE
DescriçãoJEEWMS exposes the JimuReport test-connection endpoint at /base-boot/jmreport/testConnection without authentication. The endpoint accepts attacker-controlled JDBC connection parameters and attempts to create a database connection using the supplied driver and URL. In affected environments, this can be abused to trigger arbitrary class instantiation through the PostgreSQL JDBC socketFactory mechanism and may lead to remote code execution.
Fonte⚠️ https://github.com/0d000721999/evc1/issues/1
Utilizador
 0d00 (UID 98238)
Submissão13/05/2026 17h31 (há 25 dias)
Moderação06/06/2026 18h02 (24 days later)
EstadoAceite
Entrada VulDB369076 [erzhongxmu JeeWMS até 141740afb2ba14d441c82a833d0a418d07ca2d69 JimuReport test-connection Endpoint testConnection dbType/dbDriver/dbUrl/dbUsername/dbPassword Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!