An issue in the component /api/plugin/upload of Dataease v1.11.1 allows malicious users to execute arbitrary code via a crafted plugin.
dataease dataease 1.11.1