41 matches found
Databasir security vulnerability
Databasir is an open-source relational database model documentation management platform for teams. Databasir versions 1.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from SQL injections in the query parameters of the search API endpoint, which could allow remote...
CVE-2022-31196
Databasir is a database metadata management platform. Databasir = 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non-200 response code, the URL is...
EUVD-2022-29637
Malicious code in bioql PyPI...
EUVD-2023-31557
Malicious code in bioql PyPI...
CVE-2023-27821
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter...
CVE-2022-24861
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24860
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP address...
CVE-2022-24862
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...
CVE-2023-27821
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter...
CVE-2023-27821
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter...
Remote code execution
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter...
CVE-2023-27821
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter...
PT-2023-21363 · Databasir · Databasir
Name of the Vulnerable Software and Affected Versions: Databasir version 1.0.7. Description: The issue is related to a remote code execution (RCE) vulnerability. It can be exploited via the mockDataScript parameter. Recommendations: For Databasir version 1.0.7, consider restricting access to the...
CVE-2023-27821
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter...
Databasir security vulnerability
Databasir is a relational database model document management platform for teams. A security vulnerability exists in Databasir version 1.0.7, which stems from the discovery of a remote code execution (RCE) vulnerability via the mockDataScript parameter...
CVE-2023-27821
Databasir v1.0.7 contains a remote code execution (RCE) vulnerability exploitable via the mockDataScript parameter (CVE-2023-27821). The CVSSv3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector and no user interaction. Connected documents corroborate RCE via mockDataScript and indicate Po...
CVE-2022-31196
Databasir is a database metadata management platform. Databasir = 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non-200 response code, the URL is...
Server-side request forgery (SSRF)
Databasir is a database metadata management platform. Databasir = 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non-200 response code, the URL is...
CVE-2022-31196 Server-Side Request Forgery (SSRF) vulnerability in Databasir
Databasir is a database metadata management platform. Databasir = 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non-200 response code, the URL is...
CVE-2022-31196 Server-Side Request Forgery (SSRF) vulnerability in Databasir
Databasir is a database metadata management platform. Databasir = 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non-200 response code, the URL is...