Datart v1.0.0-rc.3: Malicious URL in JDBC Config Allows Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Datart v1.0.0-rc.3: Malicious URL in JDBC Config Allows Code Execution

CVE-2025-70828

Summary

An attacker can inject malicious code into the Datart application by manipulating the url parameter in the JDBC configuration. This could allow them to take control of the system or steal sensitive data. To protect against this, update to the latest version of Datart or review and secure your JDBC configuration settings.

Original title

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration

Original description

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration

nvd CVSS3.1 8.8

Vulnerability type

CWE-78 OS Command Injection

https://dev.mysql.com/doc/connector-j/en/connector-j-connprops-interceptor-class...
https://github.com/xiaoxiaoranxxx/CVE-2025-70828

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026