Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
Datart v1.0.0-rc.3: Attackers can execute code with authorized access
CVE-2025-70830
Summary
Authenticated users can inject malicious code into Datart's template engine, potentially allowing them to access sensitive data or take control of the system. This affects users who have authorized access to the system. To stay secure, update to a fixed version of Datart or restrict access to sensitive features until a patch is available.
Original title
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemark...
Original description
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.
nvd CVSS3.1
9.9
Vulnerability type
CWE-94
Code Injection
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026