Server-Side Request Forgery in Databasir

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

服务端请求伪造(SSRF)

Databasir 代码问题漏洞

Databasir是一个面向团队的关系型数据库模型文档管理平台。 Databasir 1.01存在安全漏洞，该漏洞源于在JDBC驱动的下载验证过程中，会先下载对应的JDBC驱动下载地址，但是当访问一个不存在的URL时，这个地址会返回一个包含完整错误信息的响应页面。

N/A

N/A