20 matches found
CVE-2026-5586
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
SQL Injection
Overview openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation Affected versions of this package are vulnerable to SQL Injection via the Multi-stage Text2SQL Workflow component when processing the keywords argument. An...
EUVD-2026-19117
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-5586
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-5586
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-5586 zhongyu09 openchatbi Multi-stage Text2SQL Workflow sql injection
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-5586 zhongyu09 openchatbi Multi-stage Text2SQL Workflow sql injection
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-5586
CVE-2026-5586 affects zhongyu09 openchatbi up to version 0.2.1, specifically a vulnerability in an unknown function within the Multi-stage Text2SQL Workflow. Manipulating the argument keywords may lead to SQL injection. The attack can be launched remotely, and the exploit has been publicly disclo...
PT-2026-30453
Name of the Vulnerable Software and Affected Versions zongyu09 openchatbi versions up to 0.2.1 Description A flaw exists in the Multi-stage Text2SQL Workflow component of zhongyu09 openchatbi. Manipulation of the keywords argument can result in SQL injection. This issue can be exploited remotely...
OpenChatBI SQL注入漏洞
OpenChatBI is an intelligent data analysis and visualization tool based on natural language dialogue, developed by Yu Zhong. Versions of OpenChatBI prior to 0.2.1 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameter ‘keywords’, which could lead ...
CVE-2026-28795
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
CVE-2026-28795
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
CVE-2026-28795
OpenChatBI’s save_report.py contains a path traversal vulnerability caused by insufficient sanitization of the file_format parameter. The issue allows crafted file_format values to traverse directories and write files outside the intended report directory, potentially overwriting critical files (...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
OpenChatBI 路径遍历漏洞
OpenChatBI is an intelligent data analysis and visualization tool based on natural language dialogue, developed by Yu Zhong. Versions of OpenChatBI prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from insufficient cleaning of the fileformat parameter input in t...
OpenChatBI has a Path Traversal Vulnerability in save_report Tool
Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...
GHSA-VMWQ-8G8C-JM79 OpenChatBI has a Path Traversal Vulnerability in save_report Tool
Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...
PT-2026-23001
Name of the Vulnerable Software and Affected Versions OpenChatBI versions prior to 0.2.2 Description OpenChatBI is a chat-based BI tool that allows users to query and analyze data using natural language. The save report tool within the openchatbi/tool/save report.py component is susceptible to a...