+0 days VulDB last update Sources info Advisory: gitee. It may be suggested to replace the affected object with an alternative product.Īctive APT Groups: ? Countermeasures info Recommended: no mitigation knownĠ-Day Time: ? Timeline info CVE reserved There is no information about possible countermeasures known. Bugs are getting fixed quickly, a lot of updates with new functionality. Functionality is very powerful, supports almost all data sources you would like to connect to it. Creating queries is much faster than any other comparable tool. The attack technique deployed by this issue is T1608.002 according to MITRE ATT&CK. It has a great UX and is very straightforward to use, and advanced users can easily drop into SQL if needed. The pricing for an exploit might be around USD $0-$5k at the moment ( estimation calculated on ). The technical details are unknown and an exploit is not publicly available. The identification of this vulnerability is CVE-2022-35150 since. The summary by CVE is:īaijicms v4 was discovered to contain an arbitrary file upload vulnerability. The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Using CWE to declare the problem leads to CWE-434. The manipulation with an unknown input leads to a privilege escalation vulnerability. Add variables to queries to develop interactive visualizations without relying on complex SQL queries. Leverage the notebook editor to dig deeper into data with visual joins, aggregations and filters.
This issue affects an unknown functionality. Metabase is an open-source business intelligence solution that allows users to analyze data and answer questions through a visual interface. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in Baijicms 4 ( Content Management System). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.