CVE-2026-5848
Remote Code Injection in jeecgboot JimuReport Data Source Handler
Publication date: 2026-04-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecgboot | jimureport | to 2.3.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in jeecgboot JimuReport up to version 2.3.0, specifically in the function DriverManager.getConnection within the /drag/onlDragDataSource/testConnection endpoint of the Data Source Handler component.
The issue arises because the dbUrl argument is not properly validated, allowing an attacker to manipulate it to inject malicious code.
By exploiting the INIT parameter in H2 JDBC URLs, an attacker can execute arbitrary Java code during the database connection initialization phase, leading to remote code execution (RCE).
This attack can be initiated remotely by an attacker who has access to the datasource configuration interface.
How can this vulnerability impact me? :
This vulnerability allows an attacker to execute arbitrary system commands remotely on the affected system by injecting malicious code through the dbUrl parameter.
Successful exploitation can lead to remote code execution, which may result in unauthorized control over the system, data theft, data manipulation, or disruption of services.
Because the attacker can run system commands, they could potentially install malware, create backdoors, or escalate privileges, severely compromising the security and integrity of the affected environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and intercepting requests to the /drag/onlDragDataSource/testConnection endpoint, especially those involving the dbUrl parameter in datasource configuration requests.
Using a packet capture or interception tool, you can capture the JSON request body when testing datasource connections and inspect the dbUrl parameter for suspicious payloads that exploit the INIT parameter in H2 JDBC URLs.
Example detection steps include:
- Log into the admin panel and navigate to the Report Workspace and Data Source configuration.
- Use a packet capture tool (e.g., Wireshark, tcpdump, or a proxy like Burp Suite) to intercept the 'Test' connection request.
- Inspect the dbUrl parameter in the intercepted JSON request for suspicious H2 JDBC URLs containing the INIT parameter with embedded commands.
No specific command-line commands are provided, but using interception tools to analyze the dbUrl parameter during datasource test connections is the recommended approach.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the datasource configuration interface to trusted and authenticated users only, as exploitation requires access to this admin panel.
Avoid using or testing datasource connections with untrusted or arbitrary dbUrl parameters, especially those using H2 JDBC URLs with the INIT parameter.
Monitor and block suspicious payloads targeting the /drag/onlDragDataSource/testConnection endpoint.
Apply the vendor's forthcoming patch or update to a fixed version of jimureport as soon as it becomes available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote code execution through manipulation of the dbUrl parameter in the Data Source Handler component, which could lead to unauthorized system command execution.
Such unauthorized access and potential data compromise could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.
However, the provided information does not explicitly detail the direct impact on compliance frameworks or specific regulatory requirements.