An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

Dataease before 1.11.2 allows arbitrary code execution via crafter plugin