DataEase vulnerable to SQL injection

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

Sql injection

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

DataEase SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase version v.1.18.9, which stems from the presence of a SQL...

PT-2023-27633 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase version 1.18.9 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. Recommendations: For DataEase version 1.18.9, at the moment, there is ...

CVE-2023-40771

CVE-2023-40771 : DataEase v1.18.9 suffers a SQL injection due to processing a crafted string that bypasses the blacklist function, enabling a remote attacker to obtain sensitive information. The vulnerability is documented across multiple sources (e.g., Red Hat, NVD, GOV advisories) with an affec...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

CVE-2023-37257

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

CVE-2023-37258

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

Sql injection

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

Cross site scripting

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

CVE-2023-37258 DataEase has a SQL injection vulnerability that can bypass blacklists

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

CVE-2023-37258

DataEase has a SQL injection vulnerability in versions prior to 1.18.9 that can bypass blacklist checks. Root cause: improper handling in SQL construction/validation allows bypassing input filtering. Affected: DataEase open-source data visualization/analysis tool (pre-1.18.9). Impact per sources:...

CVE-2023-37258 DataEase has a SQL injection vulnerability that can bypass blacklists

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

CVE-2023-37258 DataEase has a SQL injection vulnerability that can bypass blacklists

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

CVE-2023-37257

CVE-2023-37257 is a stored cross-site scripting vulnerability in DataEase prior to version 1.18.9, affecting the DataEase panel and dataset. The root cause is a stored XSS condition in the panel/dataset that could be triggered by user input or data rendering, as documented by multiple sources. Th...

CVE-2023-37257 The DataEase panel and dataset have a stored XSS vulnerability

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

CVE-2023-37257 The DataEase panel and dataset have a stored XSS vulnerability

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...