CVE-2022-24861

moderate-risk
Published 2022-04-20

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.

Do I need to act?

~
3.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: a8a8f6fbbf568655099f1255584c40d9f63b070b
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Databasir

Affected Vendors

Databasir

References (6)

Patch https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b8...
Patch https://github.com/vran-dev/databasir/pull/103
Exploit https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp
Patch https://github.com/vran-dev/databasir/commit/ca22a8fef7a31c0235b0b2951260a7819b8...
Patch https://github.com/vran-dev/databasir/pull/103
Exploit https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp
44
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal