| Title | OpenBi OpenBi <=1.0.8 Arbitrary File Read |
|---|---|
| Description | The OpenBI software, version 1.0.8 and earlier, is susceptible to an Arbitrary File Read vulnerability. This vulnerability arises from the '/application/index/controller/Databasesource.php' file, where a function 'testConnection' allows pre-authentication visitors to test a connection to a database with provided parameters. Exploiting this vulnerability, an attacker could set up a rogue MySQL server and send a request to connect to it. Consequently, this could potentially enable the attacker to read sensitive files, such as '/etc/passwd', thus compromising the security of the system. |
| Source | ⚠️ https://note.zhaoj.in/share/6ISYe2urjlkI |
| User | glzjin (UID 59815) |
| Submission | 01/29/2024 09:35 (2 years ago) |
| Moderation | 01/29/2024 15:09 (6 hours later) |
| Status | Accepted |
| VulDB entry | 252307 [openBI up to 1.0.8 Test Connection Databasesource.php testConnection deserialization] |
| Points | 20 |