Dataease v1.11.1 SQL Injection via parameter dataSourceId

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Version 1.11.2 contains a fix...

SQL Injection found in Dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Version 1.11.2 contains a fix...

Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 contains a patch for this issue...

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

Arbitrary file deletion

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

Design/Logic Flaw

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

Design/Logic Flaw

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

Sql injection

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

CVE-2022-34112

CVE-2022-34112 describes an access-control flaw in DataEase v1.11.1 where non-admin users can arbitrarily uninstall the plugin via /api/plugin/uninstall. The issue’s root cause is improper permission checks on the uninstall endpoint, enabling privilege escalation to perform a destructive action. ...