Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2023-37258— DataEase has a SQL injection vulnerability that can bypass blacklists

CVSS 8.8 · High EPSS 0.87% · P55
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-37258

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
DataEase has a SQL injection vulnerability that can bypass blacklists
Source: NVD (National Vulnerability Database)
Vulnerability Description
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
DataEase SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DataEase是一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 1.18.9之前版本存在SQL注入漏洞,该漏洞源于存在可绕过黑名单的SQL注入漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
dataeasedataease < 1.18.9 -

II. Public POCs for CVE-2023-37258

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8021 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2023-37258

登录查看更多情报信息。

Vendor Advisories for CVE-2023-37258 (1)

Other References for CVE-2023-37258 (2)

IV. Related Vulnerabilities

V. Comments for CVE-2023-37258

No comments yet


Leave a comment