Lucene search
K

41 matches found

OSV
OSV
added 2022/09/02 7:45 p.m.14 views

CVE-2022-31196 Server-Side Request Forgery (SSRF) vulnerability in Databasir

Databasir is a database metadata management platform. Databasir = 1.06 has Server-Side Request Forgery SSRF vulnerability. The SSRF is triggered by a sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non 200 response code, the url is...

7.6CVSS7.4AI score0.00815EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/09/02 12:0 a.m.6 views

Databasir 代码问题漏洞

Databasir is a team-oriented document management platform for relational database models. A code issue vulnerability exists in Databasir versions prior to 1.0.7 that stems from a server-side request forgery SSRF vulnerability by providing a jdbcDriverFileUrl that returns a non-200 response code,...

7.6CVSS7.5AI score0.00815EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-20605 · Databasir · Databasir

Name of the Vulnerable Software and Affected Versions: Databasir versions 1.06 and earlier Description: The issue allows attackers to perform Server-Side Request Forgery SSRF by sending a single HTTP POST request to create a databaseType. This is achieved by supplying a jdbcDriverFileUrl that...

7.6CVSS7.5AI score0.00815EPSS
Exploits1References5
NVD
NVD
added 2022/04/20 7:15 p.m.28 views

CVE-2022-24861

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...

9.9CVSS0.02775EPSS
Exploits1References3
NVD
NVD
added 2022/04/20 7:15 p.m.24 views

CVE-2022-24862

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...

7.7CVSS0.00969EPSS
Exploits1References2
Prion
Prion
added 2022/04/20 7:15 p.m.19 views

Server side request forgery (ssrf)

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...

4CVSS7.5AI score0.00969EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/04/20 7:15 p.m.20 views

Remote code execution

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...

6.5CVSS8.9AI score0.02775EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/04/20 6:20 p.m.24 views

CVE-2022-24862 Server-Side Request Forgery in Databasir

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...

7.7CVSS7.8AI score0.00969EPSS
Exploits1References2
CVE
CVE
added 2022/04/20 6:20 p.m.78 views

CVE-2022-24862

Databasir 1.01 contains a Server-Side Request Forgery (SSRF) flaw in the JDBC driver download verification process: the download URL is fetched, but accessing a non-existent URL returns a full error page. This behavior can be exploited for SSRF. Exploitation details, impact scope, and fixes are n...

7.7CVSS7.6AI score0.00969EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/04/20 6:20 p.m.24 views

CVE-2022-24862 Server-Side Request Forgery in Databasir

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...

7.7CVSS7.4AI score0.00969EPSS
Exploits1References4
CVE
CVE
added 2022/04/20 6:15 p.m.79 views

CVE-2022-24861

CVE-2022-24861 affects Databasir 1.01, where remote code execution is possible because JDBC drivers are not validated before use and may be supplied by system users. The vulnerability enables code execution by any basic user with access to the system, with no known workarounds. Upgrading is advis...

9.9CVSS9.1AI score0.02775EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/04/20 6:15 p.m.37 views

CVE-2022-24861 Remote Code Execution in Databasir

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...

9.9CVSS10AI score0.02775EPSS
Exploits1References3
OSV
OSV
added 2022/04/20 6:15 p.m.21 views

CVE-2022-24861 Remote Code Execution in Databasir

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...

9.9CVSS8.8AI score0.02775EPSS
Exploits1References5
NVD
NVD
added 2022/04/20 12:16 a.m.21 views

CVE-2022-24860

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...

9.8CVSS0.0161EPSS
Exploits1References5
Prion
Prion
added 2022/04/20 12:16 a.m.19 views

Hardcoded credentials

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...

7.5CVSS9.3AI score0.0161EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2022/04/20 12:0 a.m.3 views

Databasir 代码问题漏洞

Databasir is a team-oriented relational database model document management platform. A security vulnerability exists in Databasir 1.01. The vulnerability stems from the fact that during the JDBC driver download validation process, the corresponding JDBC driver download address is downloaded first...

7.7CVSS7.3AI score0.00969EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/20 12:0 a.m.4 views

Databasir 输入验证错误漏洞

Databasir is a team-oriented document management platform for relational database models. A security vulnerability exists in Databasir 1.01 that originates from the JDBC driver being unauthenticated before use leading to code execution by any basic user with access to the system...

9.9CVSS8.4AI score0.02775EPSS
Exploits1References4
CVE
CVE
added 2022/04/19 11:25 p.m.709 views

CVE-2022-24860

Databasir 1.01 contains a hard-coded cryptographic key vulnerability that lets an attacker generate login credentials for any user and access the backend service at different IP addresses. This is described across multiple sources (NVD description, Red Hat entry, CVE listings) as a use of hard-co...

9.8CVSS8.7AI score0.0161EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2022/04/19 11:25 p.m.28 views

CVE-2022-24860 Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability.

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...

7.4CVSS9.6AI score0.0161EPSS
Exploits1References5
OSV
OSV
added 2022/04/19 11:25 p.m.27 views

CVE-2022-24860 Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability.

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...

7.4CVSS9.1AI score0.0161EPSS
Exploits1References7
Rows per page
Query Builder