← voltar
CVE-2026-8724

Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.transFilter sql injection

CVSS 5.1 MEDIUMEPSS 0.4%CWE-74CWE-89
A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
n/a · Dataease
PoCs públicas encontradas1
cve_referencegithub.com/xpp3901/CVE_APPLY/tree/main/V-D001_DataEase_SqlVariable_Injectionnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/xpp3901/CVE_APPLY/tree/main/V-D001_DataEase_SqlVariable_Injectionhttps://vuldb.com/submit/804256https://vuldb.com/vuln/364315https://vuldb.com/vuln/364315/cti