Jimureport
Monthly
Code injection in JimuReport's Data Source Handler allows authenticated high-privilege users to execute arbitrary code via manipulated dbUrl parameters in the DriverManager.getConnection function (versions up to 2.3.0). The vulnerability requires high-privilege authentication but can be exploited remotely with low attack complexity; publicly available exploit code exists and the vendor has acknowledged the issue with a fix planned for an upcoming release.
JimuReport through 2.1.3 has RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connection strings directly to the H2 driver, which supports directives for arbitrary Java code execution. PoC available.
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Code injection in JimuReport's Data Source Handler allows authenticated high-privilege users to execute arbitrary code via manipulated dbUrl parameters in the DriverManager.getConnection function (versions up to 2.3.0). The vulnerability requires high-privilege authentication but can be exploited remotely with low attack complexity; publicly available exploit code exists and the vendor has acknowledged the issue with a fix planned for an upcoming release.
JimuReport through 2.1.3 has RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connection strings directly to the H2 driver, which supports directives for arbitrary Java code execution. PoC available.
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.