3 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Un problema de control de acceso en el componente /api/plugin/uninstall de Dataease versión v1.11.1, permite a atacantes desinstalar arbitrariamente el plugin, un derecho normalmente reservado al administrador • https://github.com/dataease/dataease/issues/2429 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Se ha detectado que Dataease versión v1.11.1, contiene una vulnerabilidad de inyección SQL por medio del parámetro dataSourceId • https://github.com/dataease/dataease/issues/2430 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Se descubrió que DataEase v1.11.1 contiene una vulnerabilidad de escritura arbitraria de archivos a través del parámetro dataSourceId • https://github.com/dataease/dataease/issues/2428 https://github.com/dataease/dataease/releases/tag/v1.11.2 • CWE-434: Unrestricted Upload of File with Dangerous Type •