CVE-2022-34113 An issue in Dataease's API plugin upload component allows attackers to execute arbitrary code.

A issue in the component /api/system of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. The component /api/system of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. A RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. What’s new in v1.11.1? Update the component /api/system of Dataease v1.11.1 to fix security issues: update the component /api/system of Dataease v1.11.1 to fix security issues: RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. What’s new in v1.11.0? Update the component /api/system of Dataease v1.11.0 to fix security issues: update the component /api/system of Dataease v1.11.0 to fix security issues: RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-

Coverage and Support

The component /api/system of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. A RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. The component /api/system of Dataease v1.11.0 allows attackers to execute arbitrary code via a crafted plugin. A RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407

API to execute remote code

A remote code execution (RCE) vulnerability has been found in Dataease v1.11.0.
CVE-2018-5407 An issue in the component /api/system of Dataease v1.11.0 allows attackers to execute arbitrary code via a crafted plugin. A RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. What’s new in v1.11? Update the component /api/system of Dataease v1.11 to fix security issues: update the component /api/system of Dataease v1.11 to fix security issues: RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407

Vulnerability explanation

The component /api/system of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. A RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. What’s new in v1.11.0? Update the component /api/system of Dataease v1.11.0 to fix security issues: update the component /api/system of Dataease v1.11.0 to fix security issues: RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407

Installation and configuration

The component /api/system of Dataease v1.11.0 allows attackers to execute arbitrary code via a crafted plugin. A RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. What’s new in v1.11? Add the following changes: update the component /api/system of Dataease v1.11 to fix security issues: update the component /api/system of Dataease v1.11 to fix security issues: RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407. Update the component /api/system of Dataease v1.10 to fix security issues: update the component /api/system of Dataease v1.10 to fix security issues: RCE is possible when uploading a file that contains a function with a specific name and a specific argument. This issue is related to CVE-2018-5407

Timeline

Published on: 07/22/2022 23:15:00 UTC
Last modified on: 07/31/2022 01:20:00 UTC

References