CVE-2022-24861

9.9 CRITICAL

📋 TL;DR

Databasir 1.01 has a remote code execution vulnerability where JDBC drivers uploaded by users are not validated before use. This allows any authenticated user to execute arbitrary code on the server. All users with access to the system are affected.

💻 Affected Systems

Products:
  • Databasir
Versions: Version 1.01 specifically
Operating Systems: All platforms running Databasir
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Databasir 1.01 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining root/administrator privileges, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Attacker executes arbitrary code with application service account privileges, potentially accessing database credentials and sensitive data.

🟢

If Mitigated

Limited impact with proper network segmentation and minimal privileges, but still significant due to code execution capability.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can easily exploit this to gain full control.
🏢 Internal Only: HIGH - Even internally, any authenticated user can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit ca22a8fef7a31c0235b0b2951260a7819b89993b

Vendor Advisory: https://github.com/vran-dev/databasir/security/advisories/GHSA-5r2v-wcwh-7xmp

Restart Required: Yes

Instructions:

1. Stop Databasir service.
2. Update to latest version from GitHub repository.
3. Restart Databasir service.

🧯 If You Can't Patch

  • Immediately restrict access to Databasir to only essential users
  • Implement network segmentation to isolate Databasir from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if running Databasir version 1.01 by examining application version or deployment configuration.

Check Version:

Check application logs or configuration files for version information specific to your deployment method.

Verify Fix Applied:

Verify version is updated beyond commit ca22a8fef7a31c0235b0b2951260a7819b89993b and test that JDBC driver upload validation is enforced.
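The kind of upload-time check the fix needs to enforce, as an added example that is not Databasir's own code (the project is written in Java; this is a Python illustration of the same control): an uploaded driver jar is rejected before anything is class-loaded unless its SHA-256 is on an operator-maintained allowlist, the archive is intact, entry names are safe, and the `java.sql.Driver` class it declares is actually present in the jar. The allowlist, sample jar and class names below are constructed for the example.

```python
import hashlib
import io
import zipfile

SERVICE_ENTRY = "META-INF/services/java.sql.Driver"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_jar(driver_class: str, declare_service: bool = True) -> bytes:
    """Constructed stand-in for an uploaded JDBC driver jar (not a real driver)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # A placeholder .class entry: only the name matters for this check.
        jar.writestr(driver_class.replace(".", "/") + ".class", b"\xca\xfe\xba\xbe")
        if declare_service:
            jar.writestr(SERVICE_ENTRY, driver_class + "\n")
    return buf.getvalue()


def validate_driver_jar(data: bytes, allowlist: set) -> tuple:
    """Return (ok, reason). Every check runs before the jar is ever loaded."""
    # Primary control: only jars the operator has explicitly approved by hash.
    digest = sha256_hex(data)
    if digest not in allowlist:
        return False, "sha256 %s not in allowlist" % digest
    # Defence in depth: structural checks on the approved archive.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            if jar.testzip() is not None:
                return False, "corrupt archive"
            names = set(jar.namelist())
            for name in names:
                if name.startswith("/") or ".." in name.split("/"):
                    return False, "unsafe entry name: " + name
            if SERVICE_ENTRY not in names:
                return False, "no java.sql.Driver service entry"
            for line in jar.read(SERVICE_ENTRY).decode().splitlines():
                cls = line.split("#", 1)[0].strip()  # strip comments
                if cls and cls.replace(".", "/") + ".class" not in names:
                    return False, "declared driver class missing: " + cls
            return True, "ok"
    except zipfile.BadZipFile:
        return False, "not a zip/jar"
```

A jar that passes should still be loaded in an isolated class loader under a least-privileged service account, since the hash check only proves the operator approved that exact file.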

📡 Detection & Monitoring

Log Indicators:

  • Unusual JDBC driver uploads
  • Suspicious file execution patterns
  • Unexpected process creation from Databasir service

Network Indicators:

  • Unusual outbound connections from Databasir server
  • Suspicious payloads in HTTP requests to Databasir

SIEM Query:

Search for Databasir process spawning unexpected child processes or making unusual network connections.

🔗 References