41 matches found
CVE-2022-31196 Server-Side Request Forgery (SSRF) vulnerability in Databasir
Databasir is a database metadata management platform. Databasir = 1.06 has Server-Side Request Forgery SSRF vulnerability. The SSRF is triggered by a sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non 200 response code, the url is...
Databasir 代码问题漏洞
Databasir is a team-oriented document management platform for relational database models. A code issue vulnerability exists in Databasir versions prior to 1.0.7 that stems from a server-side request forgery SSRF vulnerability by providing a jdbcDriverFileUrl that returns a non-200 response code,...
PT-2022-20605 · Databasir · Databasir
Name of the Vulnerable Software and Affected Versions: Databasir versions 1.06 and earlier Description: The issue allows attackers to perform Server-Side Request Forgery SSRF by sending a single HTTP POST request to create a databaseType. This is achieved by supplying a jdbcDriverFileUrl that...
CVE-2022-24861
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24862
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...
Server side request forgery (ssrf)
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...
Remote code execution
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24862 Server-Side Request Forgery in Databasir
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...
CVE-2022-24862
Databasir 1.01 contains a Server-Side Request Forgery (SSRF) flaw in the JDBC driver download verification process: the download URL is fetched, but accessing a non-existent URL returns a full error page. This behavior can be exploited for SSRF. Exploitation details, impact scope, and fixes are n...
CVE-2022-24862 Server-Side Request Forgery in Databasir
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...
CVE-2022-24861
CVE-2022-24861 affects Databasir 1.01, where remote code execution is possible because JDBC drivers are not validated before use and may be supplied by system users. The vulnerability enables code execution by any basic user with access to the system, with no known workarounds. Upgrading is advis...
CVE-2022-24861 Remote Code Execution in Databasir
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24861 Remote Code Execution in Databasir
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24860
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...
Hardcoded credentials
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...
Databasir 代码问题漏洞
Databasir is a team-oriented relational database model document management platform. A security vulnerability exists in Databasir 1.01. The vulnerability stems from the fact that during the JDBC driver download validation process, the corresponding JDBC driver download address is downloaded first...
Databasir 输入验证错误漏洞
Databasir is a team-oriented document management platform for relational database models. A security vulnerability exists in Databasir 1.01 that originates from the JDBC driver being unauthenticated before use leading to code execution by any basic user with access to the system...
CVE-2022-24860
Databasir 1.01 contains a hard-coded cryptographic key vulnerability that lets an attacker generate login credentials for any user and access the backend service at different IP addresses. This is described across multiple sources (NVD description, Red Hat entry, CVE listings) as a use of hard-co...
CVE-2022-24860 Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability.
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...
CVE-2022-24860 Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability.
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...