CVE-2023-41916

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.5.0.

Related Vulnerabilities

CVE-2016-10829

MEDIUM
CVSS:6.5(Medium)

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

CWE-5522016

CVE-2017-1308

MEDIUM
CVSS:6.5(Medium)

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force I...

CWE-5522017

CVE-2017-6922

MEDIUM
CVSS:6.5(Medium)

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visib...

CWE-5522017

CVE-2018-1079

MEDIUM
CVSS:6.5(Medium)

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from...

CWE-5522018

CVE-2019-13140

MEDIUM
CVSS:6.5(Medium)

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to dec...

CWE-5522019

CVE-2019-17130

MEDIUM
CVSS:6.5(Medium)

vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.

CWE-5522019