6 matches found
EUVD-2026-14475
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Manipulation of the argument sort.field leads to Hibernate SQL injection. It is possibl...
CVE-2026-4593 erupts erupt MCP Tool EruptDataQuery.java EruptDataQuery sql injection
A flaw has been found in erupts erupt up to 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes Hibernate SQL injection. It is possible to...
PT-2026-27150
A flaw has been found in erupts erupt up to 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes Hibernate SQL injection. It is possible to...
Erupt Unrestricted Upload of File with Dangerous Type vulnerability
An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-45855
An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-45855
An active CVE exists for erupt v1.12.19: arbitrary file upload in the /upload/GoodsCategory/image component can lead to code execution. The root cause is an unsecured upload endpoint that accepts crafted files, enabling an attacker to execute arbitrary code on the host. MITRE/attack details are n...