Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:8 p.m.11 views

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.8CVSS8.4AI score0.01083EPSS
Exploits2References1
Circl
Circl
added 2025/03/20 11:40 a.m.6 views

CVE-2024-10835

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:18+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmh3wmef2v 2026-02-18 13:58:32+00:00| seen| https://gist.github.com/YLChen-007/0f5d82daccccf9d96159a381cb249b8a...

9.8CVSS8.4AI score0.01083EPSS
Exploits2References2
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.8CVSS0.01083EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-10835 Arbitrary File Write via SQL Injection in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.1CVSS0.01083EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-10835 Arbitrary File Write via SQL Injection in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.1CVSS9.8AI score0.01083EPSS
Exploits2References1
CVE
CVE
added 2025/03/20 10:9 a.m.62 views

CVE-2024-10835

CVE-2024-10835 affects eosphoros-ai/db-gpt v0.6.0. The web API endpoint POST /api/v1/editor/sql/run allows executing arbitrary SQL without access control, enabling Arbitrary File Write via DuckDB SQL and potentially Remote Code Execution (RCE). Affected component: DB-GPT web API handler for edito...

9.8CVSS9.8AI score0.01083EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder