| Title | DataGear datagear <=v5.0.0 Injection |
|---|
| Description | DataGear v5.0.0 has a SpEL expression injection vulnerability leading to remote code execution in the Editing and Deletion functions of the Data Schema Page |
|---|
| Source | ⚠️ https://gitee.com/datagear/datagear/issues/IAF3H7 |
|---|
| User | nerowander (UID 72513) |
|---|
| Submission | 08/06/2024 04:43 (2 years ago) |
|---|
| Moderation | 08/06/2024 08:47 (4 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 273697 [DataGear up to 5.0.0 Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection] |
|---|
| Points | 15 |
|---|