| Title | eladmin v2.7 Mysql_JDBC arbitrary file reading vulnerability |
|---|
| Description | ELAdmin is an open-source background management system based on Spring Boot and Vue. A vulnerability exists in its interaction with the MySQL database, where improperly configured JDBC connections may allow arbitrary file reading. An attacker could exploit this vulnerability to read sensitive files on the server, leading to information disclosure.
If the system allows users to provide custom JDBC URLs, an attacker might construct a specially crafted JDBC URL to access files on the server. For example, MySQL’s JDBC driver supports parameters that allow local file loading, which could be abused for unauthorized file access. |
|---|
| Source | ⚠️ https://www.yuque.com/u520611/giuhru/vfvchim8sphv2y1g?singleDoc# 《ELADMIN》 |
|---|
| User | 007y (UID 61692) |
|---|
| Submission | 03/30/2025 08:39 (1 Year ago) |
|---|
| Moderation | 04/04/2025 09:28 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 303320 [elunez eladmin 2.7 Maintenance Management testConnect deserialization] |
|---|
| Points | 20 |
|---|