Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/24 11:53 a.m.6 views

CVE-2025-71332 Flowise - SQL Injection in importChatflows API via chatflow.id Parameter

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.5CVSS6AI score0.00283EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.13 views

EUVD-2025-210326

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.5CVSS6AI score0.00283EPSS
Exploits1References2
OSV
OSV
added 2025/04/07 6:55 p.m.6 views

GHSA-9C4C-G95M-C8CP FlowiseDB vulnerable to SQL Injection by authenticated users

Summary import functions are vulnerable. importChatflows importTools importVariables Details Authenticated user can call importChatflows API, import json file such as AllChatflows.json. but Due to insufficient validation to chatflow.id in importChatflows API, 2 issues arise. Issue 1 Bug Type 1...

5.9CVSS8.5AI score0.00283EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/04/07 6:55 p.m.16 views

FlowiseDB vulnerable to SQL Injection by authenticated users

Summary import functions are vulnerable. importChatflows importTools importVariables Details Authenticated user can call importChatflows API, import json file such as AllChatflows.json. but Due to insufficient validation to chatflow.id in importChatflows API, 2 issues arise. Issue 1 Bug Type 1...

8.8CVSS8.5AI score0.00283EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder