CVE-2022-24861

Published: Apr 20, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.

Affected (1)

Products: Databasir: Databasir

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Databasir Databasir	Version 1.0.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/vran-dev/databasir/pull/103

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/vran-dev/databasir/pull/103

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.