2 matches found
Apache Kylin 2.3.x < 3.1.0 Command Injection
According to its banner, the version of Apache Kylin running on the remote host is 2.3.x < 3.1.0. It is, therefore, affected by a Command Injection vulnerability through the REST API. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...
CVE-2022-24697
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...