CVE-2022-24861
CRITICAL
Databasir 1.01 - Remote Code Execution via Unvalidated JDBC Driver
Title source: llm
Description
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds for this issue.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp
Patch, Third Party Advisory x_refsource_misc
https://github.com/vran-dev/databasir/pull/103
Patch, Third Party Advisory x_refsource_misc
https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b89993b
Scores
CVSS v3: 9.9
EPSS: 0.0278
EPSS Percentile: 84.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-20
Status: published
Products (1)
databasir/databasir 1.0.1
Published: Apr 20, 2022
Tracked Since: Feb 18, 2026