This exploit demonstrates an unauthenticated RCE vulnerability in H2 Database versions 1.4.196 and 1.4.197 by leveraging the CREATE ALIAS functionality to execute arbitrary commands. It bypasses authentication by creating a new database with default credentials.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:H2 Database 1.4.196 and 1.4.197
No auth needed
Prerequisites:Network access to the H2 Database web console