Vulnerabilities > Datax WEB Project

DATE CVE VULNERABILITY TITLE RISK
2023-12-27 CVE-2023-7116 OS Command Injection vulnerability in Datax-Web Project Datax-Web 2.1.2
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2.
network
low complexity
datax-web-project CWE-78
critical
9.8
2023-01-13 CVE-2022-46478 Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.
network
low complexity
datax-web-project CWE-502
critical
9.8