RULE(RULE ID:338404)

Rule General Information
Release Date: 2024-09-10
Rule Name: EOVA doInit Deserialization Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: EOVA is a rapid development framework based on the JFinal development platform, designed to provide efficient, easy-to-use development tools and components to simplify the development process. EOVA has a JDBC deserialization vulnerability: the parameters of the JDBC connection to the MySQL server are fully controllable, so a malicious configuration and a malicious MySQL server address can be passed in, resulting in a deserialization vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands.
Impact: An attacker can carefully construct malicious serialized data and pass it to the application; when the application deserializes the object, the malicious code constructed by the attacker is executed.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain the software patch and update.