4 matches found
CVE-2025-71332 Flowise - SQL Injection in importChatflows API via chatflow.id Parameter
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
CVE-2025-71332
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
CVE-2025-71332
Flowise 2.2.7 contains a SQL injection in the importChatflows API triggered by unsanitized chatflow.id in a JSON import file. An authenticated user can craft the id field so it is concatenated into a SQL IN clause, enabling arbitrary SQL execution and extraction of data from the credential table ...
PT-2026-51761
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.2.8 Description An authenticated user can execute arbitrary SQL commands, including blind and error-based data extraction from the credential table, due to insufficient validation of the id field in JSON import file...