Databasir · Databasir · CVE-2022-31196
**Name of the Vulnerable Software and Affected Versions**
Databasir versions 1.06 and earlier
**Description**
The issue allows attackers to perform Server-Side Request Forgery (SSRF) by sending a single HTTP POST request to create a databaseType. The attacker supplies a `jdbcDriverFileUrl` that returns a non-200 response code; the server requests the URL and logs the response, potentially allowing attackers to obtain the real IP address and scan intranet information.
**Recommendations**
For Databasir versions 1.06 and earlier, update to version 1.0.7 to resolve the issue.
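
A pre-fetch check of the kind that blocks this class of SSRF, as an added example (it is not Databasir's code or its 1.0.7 patch): it validates a user-supplied `jdbcDriverFileUrl` before the server makes any request. The class name, method names, and the https-only policy are assumptions.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

// Added example, not Databasir code: class and method names are hypothetical.
public class DriverUrlGuard {
    // Assumption: driver files are only ever fetched over https.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("https");
    /** Returns the parsed URI if it may be fetched; throws otherwise. */
    public static URI check(String jdbcDriverFileUrl) throws UnknownHostException {
        URI uri = URI.create(jdbcDriverFileUrl);
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("scheme not allowed");
        }
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("host missing or userinfo present");
        }
        // Check every address the name resolves to, not just the first.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException("resolves to an internal address");
            }
        }
        return uri;
    }

    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc;               // fc00::/7
        boolean cgnat = b.length == 4 && (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 64;  // 100.64.0.0/10
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6 || cgnat;
    }
    public static void main(String[] args) {
        // Constructed samples; literal IPs, so no DNS lookup is performed.
        for (String s : new String[] {"https://10.0.0.5/driver.jar",
                "https://169.254.169.254/driver.jar", "https://[::1]/driver.jar", "file:///tmp/driver.jar"}) {
            try {
                System.out.println("ALLOW  " + check(s));
            } catch (Exception e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Resolving the name here and again at fetch time leaves a DNS-rebinding gap, so the fetch should connect to the address that was checked and should not follow redirects. The remote response body should also stay out of logs and API responses.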