漏洞描述
H2database是一个用 Java 编写的可嵌入 Rdbms。 H2database 存在安全漏洞,该漏洞源于H2数据库的getConnection方法以驱动的类名和数据库的URL作为参数。攻击者可利用该漏洞传递JNDI驱动程序名称和指向LDAP或RMI服务器的URL,从而导致远程代码执行。
H2 Database 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC kanboard-database-exposure: Kanboard - SQLite Database Exposure
- POC batflat-sqlite-exposure: Batflat SQLite Database - Exposure
- POC CVE-2022-38130: KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution
- POC wordpress-db-exposure: WordPress Database Backup File - Exposure
- pbootcms-database-file-download: Pbootcms Database File Download
- POC CVE-2018-19386: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
- POC CVE-2020-36333: ThemeGrill Demo Importer < 1.6.2 - Database Reset
- POC CVE-2023-0514: Membership Database <= 1.0 - Cross-Site Scripting
- POC CVE-2023-33568: Dolibarr Unauthenticated Contacts Database Theft
- POC CVE-2024-24565: CrateDB Database - Arbitrary File Read
- POC mssql-audit-disabled: Microsoft SQLServer Database Instances - SQL Auditing Disabled
- POC mysql-audit-disabled: MySQL Database Instances - SQL Auditing Disabled
- POC postgresql-audit-disabled: PostgreSQL Database Instances - SQL Auditing Disabled