Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/24 11:53 a.m.6 views

CVE-2025-71332 Flowise - SQL Injection in importChatflows API via chatflow.id Parameter

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.5CVSS6AI score0.00283EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2025-71332

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.8CVSS6AI score0.00283EPSS
Exploits1References3
CVE
CVE
added 2026/06/24 11:53 a.m.8 views

CVE-2025-71332

Flowise 2.2.7 contains a SQL injection in the importChatflows API triggered by unsanitized chatflow.id in a JSON import file. An authenticated user can craft the id field so it is concatenated into a SQL IN clause, enabling arbitrary SQL execution and extraction of data from the credential table ...

8.8CVSS6AI score0.00283EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.12 views

PT-2026-51761

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.2.8 Description An authenticated user can execute arbitrary SQL commands, including blind and error-based data extraction from the credential table, due to insufficient validation of the id field in JSON import file...

8.8CVSS6.1AI score0.00283EPSS
Exploits1References10
Rows per page
Query Builder