CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31196

Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v3 Score 7.6

References

Products affected by CVE-2022-31196

Databasir » Databasir » Version: 1.0.0

cpe:2.3:a:databasir:databasir:1.0.0
Databasir » Databasir » Version: 1.0.1

cpe:2.3:a:databasir:databasir:1.0.1
Databasir » Databasir » Version: 1.0.2

cpe:2.3:a:databasir:databasir:1.0.2
Databasir » Databasir » Version: 1.0.3

cpe:2.3:a:databasir:databasir:1.0.3
Databasir » Databasir » Version: 1.0.4

cpe:2.3:a:databasir:databasir:1.0.4
Databasir » Databasir » Version: 1.0.5

cpe:2.3:a:databasir:databasir:1.0.5
Databasir » Databasir » Version: 1.0.6

cpe:2.3:a:databasir:databasir:1.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31196

Products

Pricing

Contact Us