| 标题 | https://qiaoqiaoyun.com/ jeecgboot/jimureport 2.1.1 PostgreSQL JDBC RCE |
|---|
| 描述 | In the data large screen template of the JiMu Report BI large screen workbench, the /drag/onlDragDataSource/testConnection interface can be called by testing the data source configuration when adding a data source in the design. The backend does not impose any restrictions, resulting in an attacker constructing special connection parameters when connecting to the Postgre SQL database, ultimately leading to RCE. |
|---|
| 来源 | ⚠️ https://github.com/jeecgboot/jimureport/issues/4010 |
|---|
| 用户 | jmx0hxq (UID 63891) |
|---|
| 提交 | 2025-08-04 04時29分 (9 月前) |
|---|
| 管理 | 2025-08-13 18時07分 (10 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 319958 [jeecgboot JimuReport 直到 2.1.1 Data Large Screen Template testConnection 权限提升] |
|---|
| 积分 | 19 |
|---|