GobyVuls/CVE-2021-42392.md
2023-04-07 10:58:06 +08:00

H2 Database Console login.do Code Execution Vulnerability (CVE-2021-42392)

| **Vulnerability** | **H2 Database Console login.do Code Execution Vulnerability (CVE-2021-42392)** |
| :----: | :----- |
| **Chinese name** | H2 Database 数据库 login.do 文件远程代码执行漏洞 (CVE-2021-42392) |
| **CVSS score** | 9.0 |
| **FOFA Query** | `body="login.jsp?jsessionid=" && body="Welcome to H2"` |
| **Number of assets affected** | 488 |
| **Description** | H2 Database is a Java in-memory database that is mainly used for unit testing. The H2 Database web management page has an unauthorized remote code execution vulnerability. An attacker can use this vulnerability to execute arbitrary code on the server, write backdoors, and obtain server permissions, thereby controlling the entire web server. |
| **Impact** | Attackers can use this vulnerability to execute arbitrary code on the server, write backdoors, obtain server permissions, and then control the entire web server. |