← Retour aux CVEs

CVE-2022-24861

CRITICAL

9.9

Description

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.

Details CVE

Score CVSS v3.19.9

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie4/20/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

databasir:databasir

Faiblesses (CWE)

CWE-20CWE-20

References

https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b(security-advisories@github.com)

https://github.com/vran-dev/databasir/pull/103(security-advisories@github.com)

https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp(security-advisories@github.com)

https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/vran-dev/databasir/pull/103(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.