3 matches found
EUVD-2025-210326
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
GHSA-9C4C-G95M-C8CP FlowiseDB vulnerable to SQL Injection by authenticated users
Summary: Import functions are vulnerable: importChatflows, importTools, importVariables. Details: An authenticated user can call the importChatflows API and import a JSON file such as AllChatflows.json, but due to insufficient validation of chatflow.id in the importChatflows API, 2 issues arise. Issue 1 Bug Type 1...
FlowiseDB vulnerable to SQL Injection by authenticated users
Summary: Import functions are vulnerable: importChatflows, importTools, importVariables. Details: An authenticated user can call the importChatflows API and import a JSON file such as AllChatflows.json, but due to insufficient validation of chatflow.id in the importChatflows API, 2 issues arise. Issue 1 Bug Type 1...