CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

PT-2023-31485 · Unknown · Spider-Flow

Name of the Vulnerable Software and Affected Versions: spider-flow versions up to 0.5.0 Description: A critical issue has been found, affecting the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java in the API component. This issue...

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

H2 database code issue vulnerability

H2 database is an embeddable Rdbms written in Java . A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...

H2database代码问题漏洞

H2 database is an embeddable Rdbms written in Java . A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...

Exploit for Deserialization of Untrusted Data in Netapp Cloud_Backup

Description CVE-2020-36179： FasterXML jackson-databind 2.x be...

Authorization Bypass

IronJacamar is vulnerable to an authorization bypass. The library does not use the credentials given in the getConnection function, allowing a malicious user to gain access to a datasource connection by attempting an invalid connection...