Vulmon
dataease dataease vulnerabilities and exploits
NA
CVE-2023-28437
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
Dataease Dataease
NA
CVE-2023-40183
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows a malicious user to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not...
Dataease Dataease
NA
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease before 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `ba...
Dataease Dataease
1 Github repository
NA
CVE-2021-38239
SQL Injection vulnerability in dataease prior to 1.2.0, allows malicious users to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
Dataease Dataease
NA
CVE-2023-40771
SQL injection vulnerability in DataEase v.1.18.9 allows a remote malicious user to obtain sensitive information via a crafted string outside of the blacklist function.
Dataease Dataease 1.18.9
NA
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows malicious users to execute arbitrary code via a crafted plugin.
Dataease Dataease 1.11.1
6.5
CVSSv2
CVE-2022-23331
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
Dataease Dataease 1.6.1
NA
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows malicious users to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
Dataease Project Dataease 1.11.1
NA
CVE-2022-34114
Dataease v1.11.1 contains a SQL injection vulnerability via the parameter dataSourceId.
Dataease Project Dataease 1.11.1
NA
CVE-2022-34115
DataEase v1.11.1 contains an arbitrary file write vulnerability via the parameter dataSourceId.
Dataease Project Dataease 1.11.1