漏洞描述
H2 是一个非常流行的开源 Java SQL数据库,它提供了一个轻量级的内存解决方案,不需要将数据存储在磁盘上。H2数据库组件中存在JNDI注入,这是一个类似于LOG4J2的漏洞,h2自带web控制台,攻击者可以利用JNDI注入进行远程命令执行
H2数据库控制台 test.do 存在JNDI注入(CVE-2021-42392)
PoC代码
暂无相关漏洞推荐
- jndi-test: JNDI Test
- Apache CXF Aegis databinding /test 文件读取漏洞(CVE-2024-28752)
- Magento /rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods XML 外部实体注入漏洞(CVE-2024-34102)
- Nuxt.js /__nuxt_component_test__ 代码执行漏洞(CVE-2023-3224)
- POC CVE-2020-36836: WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
- POC CVE-2021-24915: Contest Gallery < 13.1.0.6 - SQL injection
- POC CVE-2023-6063: WP Fastest Cache 1.2.2 - SQL Injection
- POC CVE-2025-24963: Vitest Browser Mode - Local File Read
- POC CVE-2022-40881: SolarView network_test.php 远程命令执行漏洞
- POC azure-aks-api-version-not-latest: Azure AKS Kubernetes API Version Not Latest
- POC azure-aks-kubernetes-version-outdated: Azure AKS Kubernetes Version Not Latest
- POC azure-appservice-tls-latest-version-missing: Azure App Service TLS Latest Version Not Configured
- POC azure-redis-tls-version-outdated: Azure Redis Cache TLS Version Not Latest