2 matches found
CVE-2025-47948
Cocotais Bot (QQ bot framework) has a command-echo vulnerability. In versions 1.5.0-test2-hotfix through 1.6.1, an unauthenticated user can abuse /echo to trigger privileged behavior by injecting platform tags, causing the bot to mention all chat members and bypassing permissions. The issue stem...
CVE-2025-47948
creationtimestamp| type| source ---|---|--- 2025-05-17 12:33:11+00:00| published-proof-of-concept| https://github.com/cocotais/cocotais-bot/security/advisories/GHSA-mj2c-8hxf-ffvq 2025-05-17 20:31:28+00:00| seen|...