PT-2022-10269 · Idsscheer · Mashzone Nextgen

Marcos Díaz · Published 2022-03-30 · Updated 2022-04-06 · CVE-2021-33523

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MashZone NextGen versions through 10.7 GA

Description

The issue allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in the com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.

Recommendations

For MashZone NextGen versions through 10.7 GA, consider disabling the DriverUploadController function until a patch is available to prevent the upload of malicious JDBC drivers. Restrict access to the admin console to minimize the risk of exploitation.

Related Identifiers

CVE-2021-33523

Affected Products

Mashzone Nextgen