Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.
References
| Link | Resource |
|---|---|
| https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b | Patch Third Party Advisory |
| https://github.com/vran-dev/databasir/pull/103 | Patch Third Party Advisory |
| https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp | Exploit Third Party Advisory |
Configurations
History
03 May 2022, 15:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b - Patch, Third Party Advisory | |
| References | (MISC) https://github.com/vran-dev/databasir/pull/103 - Patch, Third Party Advisory | |
| References | (CONFIRM) https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp - Exploit, Third Party Advisory | |
| CWE | CWE-20 | |
| CPE | cpe:2.3:a:databasir:databasir:1.0.1:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
20 Apr 2022, 19:20
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-20 19:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-24861
Mitre link : CVE-2022-24861
CVE.ORG link : CVE-2022-24861
JSON object : View
Products Affected
databasir
- databasir
CWE
CWE-20
Improper Input Validation