Dataease Project: >> Dataease >> 1.11.1 Security Vulnerabilities
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-07-22
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-07-22
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-07-22