Nerowander

#9753of 53,632
28.4Total CVSS
Vulnerabilities · 3
High
1
Critical
2
PT-2024-29451
9.8
2024-12-05
Dtstack · Dtstack Taier · CVE-2024-41579
**Name of the Vulnerable Software and Affected Versions** DTStack Taier version 1.4.0 **Description** The issue allows remote attackers to specify the `jobName` parameter in the `listNames` function of the console to cause a SQL injection. This can potentially lead to unauthorized access or manipulation of data. **Recommendations** For DTStack Taier version 1.4.0, consider disabling the `listNames` function until a patch is available to prevent exploitation of the SQL injection vulnerability. Restrict access to the console to minimize the risk of remote attackers specifying the `jobName` parameter.
PT-2024-38416
8.8
2024-08-06
Datagear · Datagear · CVE-2024-7552
**Name of the Vulnerable Software and Affected Versions** DataGear versions up to 5.0.0 **Description** A critical issue has been found, affecting the `evaluateVariableExpression` function of the `ConversionSqlParamValueMapper.java` file in the Data Schema Page component. This issue leads to improper neutralization of special elements used in an expression language statement, allowing for remote attacks. **Recommendations** For DataGear versions up to 5.0.0, consider disabling the `evaluateVariableExpression` function as a temporary workaround until a patch is available. Restrict access to the Data Schema Page component to minimize the risk of exploitation.
PT-2024-38367
9.8
2024-08-04
Elunez · Elunez Eladmin · CVE-2024-7458
**Name of the Vulnerable Software and Affected Versions** elunez eladmin versions up to 2.7 **Description** A critical issue affects the Database Management/Deployment Management component, specifically the /api/deploy/upload and /api/database/upload API endpoints. The manipulation of the `file` argument leads to path traversal, allowing access to files outside the intended directory, as demonstrated by the example 'dir/../../filename'. The exploit has been publicly disclosed. **Recommendations** For elunez eladmin versions up to 2.7, consider restricting access to the /api/deploy/upload and /api/database/upload API endpoints until a patch is available. As a temporary workaround, avoid using the `file` argument in these endpoints to minimize the risk of path traversal exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.