Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.11 views

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

6.5CVSS6.8AI score0.00524EPSS
Exploits1References1
NVD
NVD
added 2022/07/22 11:15 p.m.28 views

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

9.8CVSS0.00977EPSS
Exploits1References2
NVD
NVD
added 2022/07/22 11:15 p.m.22 views

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

6.5CVSS0.00524EPSS
Exploits1References1
NVD
NVD
added 2022/07/22 11:15 p.m.26 views

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

9.8CVSS0.01087EPSS
Exploits1References1
OSV
OSV
added 2022/07/22 11:15 p.m.17 views

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

9.8CVSS9.5AI score
Exploits0References1
OSV
OSV
added 2022/07/22 11:15 p.m.12 views

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

9.8CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2022/07/22 11:15 p.m.13 views

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

8.8CVSS8.2AI score
Exploits0References1
NVD
NVD
added 2022/07/22 11:15 p.m.21 views

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

8.8CVSS0.00779EPSS
Exploits1References1
OSV
OSV
added 2022/07/22 11:15 p.m.9 views

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

6.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2022/07/22 11:15 p.m.13 views

Design/Logic Flaw

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

4CVSS6.4AI score0.00524EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/07/22 11:15 p.m.16 views

Sql injection

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

6.5CVSS9AI score0.00779EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/07/22 11:15 p.m.19 views

Design/Logic Flaw

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

7.5CVSS9.5AI score0.01087EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/22 10:17 p.m.27 views

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

6.6AI score0.00524EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/07/22 10:17 p.m.22 views

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

9.2AI score0.00779EPSS
Exploits1References1
CVE
CVE
added 2022/07/22 10:17 p.m.435 views

CVE-2022-34112

CVE-2022-34112 describes an access-control flaw in DataEase v1.11.1 where non-admin users can arbitrarily uninstall the plugin via /api/plugin/uninstall. The issue’s root cause is improper permission checks on the uninstall endpoint, enabling privilege escalation to perform a destructive action. ...

6.5CVSS6.3AI score0.00524EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/22 10:17 p.m.25 views

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

9.8AI score0.01087EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/07/22 10:16 p.m.27 views

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

9.8AI score0.00977EPSS
Exploits1References2
Rows per page
Query Builder