CVE-2025-70830 PoC — datart 安全漏洞

Source

https://github.com/xiaoxiaoranxxx/CVE-2025-70830

Associated Vulnerability

Title:datart 安全漏洞 (CVE-2025-70830)
Description:datart是running-elephant开源的一个数据可视化开放平台。 Datart v1.0.0-rc.3版本存在安全漏洞，该漏洞源于Freemarker模板引擎对SQL脚本字段输入清理不当，可能导致经过身份验证的攻击者注入特制模板语法，执行任意代码。

Description

A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!