漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Server-Side Request Forgery (SSRF) vulnerability in Databasir
Vulnerability Description
Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Databasir 代码问题漏洞
Vulnerability Description
Databasir是一个面向团队的关系型数据库模型文档管理平台。 Databasir 1.0.7之前版本存在代码问题漏洞,该漏洞源于服务器端请求伪造(SSRF)漏洞,通过提供一个jdbcDriverFileUrl,返回一个非200的响应代码,url被执行后响应被记录(在终端和数据库中)并包含在响应中。这将允许攻击者获得真实的IP地址并扫描内网信息。
CVSS Information
N/A
Vulnerability Type
N/A