6 matches found
CVE-2024-10901
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...
CVE-2024-10901
creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:19+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmh4mapc2s 2026-02-18 13:58:32+00:00| seen| https://gist.github.com/YLChen-007/0f5d82daccccf9d96159a381cb249b8a...
CVE-2024-10901
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...
CVE-2024-10901 Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...
CVE-2024-10901 Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...
CVE-2024-10901
CVE-2024-10901 affects eosphoros-ai/db-gpt. In v0.6.0 (and earlier per OSV entry), the web API POST /api/v1/editor/chart/run allows executing arbitrary SQL without access controls, enabling Arbitrary File Write and potentially Remote Code Execution by writing files such as init .py into Python’s ...