Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:13 p.m.12 views

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

9.8CVSS8.3AI score0.00994EPSS
Exploits1References1
Circl
Circl
added 2025/03/20 11:40 a.m.6 views

CVE-2024-10901

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:19+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmh4mapc2s 2026-02-18 13:58:32+00:00| seen| https://gist.github.com/YLChen-007/0f5d82daccccf9d96159a381cb249b8a...

9.8CVSS8.4AI score0.00994EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.13 views

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

9.8CVSS0.00994EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.15 views

CVE-2024-10901 Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

9.1CVSS0.00994EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10901 Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

9.1CVSS9.7AI score0.00994EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.56 views

CVE-2024-10901

CVE-2024-10901 affects eosphoros-ai/db-gpt. In v0.6.0 (and earlier per OSV entry), the web API POST /api/v1/editor/chart/run allows executing arbitrary SQL without access controls, enabling Arbitrary File Write and potentially Remote Code Execution by writing files such as init .py into Python’s ...

9.8CVSS9.7AI score0.00994EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder