2023-05-17 00:00:00
mitre
PUBLISHED
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.