CVE-2022-24862

Name of the Vulnerable Software and Affected Versions Databasir version 1.01

Description Databasir is a team-oriented relational database model document management platform. It has a Server-Side Request Forgery issue. During the download verification process of a JDBC driver, the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.

Recommendations For Databasir version 1.01, as a temporary workaround, consider restricting the download verification process of JDBC drivers to minimize the risk of exploitation. Avoid using the feature that downloads the JDBC driver download address until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.