CVE-2018-10054

HIGH

Datomic < 0.9.5697 - Remote Code Execution via H2 CREATE ALIAS

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-10054. PoCs published by gambler, h00die, h4ckNinja and Nairuz Abulhul, including the Metasploit module exploits/linux/http/h2_webinterface_rce.

AI-analyzed exploit summary: This exploit abuses H2 Database's alias functionality to create a custom Java function that executes arbitrary commands, leading to remote code execution (RCE). It automates the process of logging in, creating the malicious alias, and executing commands via SQL queries.

Description

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by gambler · python · local · java
https://www.exploit-db.com/exploits/44422


Classification: Working PoC 95% · Attack Type: RCE · Complexity: Moderate · Reliability: Reliable
Target: H2 Database (all versions)
Auth required
Prerequisites: Network access to the H2 Database console · Valid credentials (default or known) · H2 Database console exposed
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
by h00die, gambler, h4ckNinja, Nairuz Abulhul · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/h2_webinterface_rce.rb

This Metasploit module exploits a feature in H2 Database's web interface to execute arbitrary Java code via the CREATE ALIAS function, leading to remote command execution. It uses a multi-step approach involving payload retrieval via curl and execution on the target system.

Classification: Working PoC 95% · Attack Type: RCE · Complexity: Moderate · Reliability: Reliable
Target: H2 Database (versions 2.1.214, 2.0.204, 1.4.199)
Auth required
Prerequisites: Valid database credentials · Network access to H2 web interface · H2 Database configured to allow alias creation
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.7687
EPSS Percentile: 99.0%
Attack Vector: NETWORK

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-20
Status: published
Products (3):
cognitect/datomic < 0.9.5697
com.datomic/datomic-free 0 - 0.9.5697 (Maven)
h2database/h2 1.4.197
Published: Apr 11, 2018
Tracked Since: Feb 18, 2026