| 标题 | Datagear JDBC deserialization vulnerability |
|---|
| 描述 | DataGear is an open source and free data visualization and analysis platform, free to create any data dashboard you want, and supports access to various data sources such as SQL, CSV, Excel, HTTP interface, and JSON. In Datagear 4.5.1 and earlier, an attacker can achieve jdbc deserialization attacks by uploading a vulnerable version of the mysql driver. After the upload is successful, an unauthenticated attacker can construct a malicious request to connect to a malicious JDBC server to trigger deserialization. |
|---|
| 来源 | ⚠️ https://github.com/yangyanglo/ForCVE/blob/main/2023-0x06.md |
|---|
| 用户 | yangyanglo (UID 43465) |
|---|
| 提交 | 2023-04-02 13時02分 (3 年前) |
|---|
| 管理 | 2023-04-14 08時39分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 225920 [DataGear 直到 4.7.0/5.1.0 JDBC Server 权限提升] |
|---|
| 积分 | 20 |
|---|