5 matches found
CVE-2024-12358
WeiYe-Jing datax-web 2.1.1 is affected by an OS command injection in the glueSource parameter of /api/job/add/. The vulnerability, described as critical, can be triggered remotely and has been disclosed publicly. Affected component is the /api/job/add/ processing logic; root cause is input manipu...
CVE-2023-7116
WeiYe-Jing datax-web 2.1.2 is affected by an OS command injection in the HTTP POST handler for /api/log/killJob, via manipulation of the processId parameter. The issue can be exploited remotely and has been disclosed publicly. Remediation recommended in connected templates is to update to a newer...
CVE-2022-46478
The CVE-2022-46478 issue affects datax-web v1.0.0 and v2.0.0 through v2.1.2. The RPC interface does not perform default permission checks, enabling an attacker to execute arbitrary commands by sending crafted Hessian-serialized data. Impact is described as remote command execution over the networ...
CVE-2025-13251
The CVE-2025-13251 entry concerns WeiYe-Jing datax-web up to 2.1.2, where an unknown function can be manipulated to cause SQL injection. Multiple sources (NVD, Red Hat RH:CVE-2025-13251, CNNVD-202511-1817, EUVD-2025-197731, osv) describe remote exploitation with published exploits. Impact is desc...
CVE-2025-13250
The CVE-2025-13250 vulnerability affects WeiYe-Jing datax-web (up to 2.1.2), specifically the Job Handler’s remove, update, pause, start, and triggerJob functions. The described flaw causes improper access controls and can be exploited remotely; multiple sources confirm public exploitation vector...