CVE-2024-1032 HIGH

CVE-2024-1032: openBI Test Connection Databasesource.php testConnection deserialization

Vendor N/A
Product openBI
Weakness CWE-502 · Unsafe deserialization
Published January 30, 2024
Last update August 27, 2024
View on NVD All CVEs

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307.

Key dates

02Disclosure timeline

January 30, 2024 CVE published
August 27, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability CVE-2025-30949 WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability CVE-2023-50219 Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading CVE-2025-69371 WordPress KindlyCare theme <= 1.6.1 - PHP Object Injection vulnerability