4 matches found
CVE-2025-67509
CVE-2025-67509 affects the Neuron PHP framework up to version 2.8.11, where the MySQLSelectTool is vulnerable to a read-only bypass that permits file writes via SQL constructs like INTO OUTFILE/INTO DUMPFILE. Validation that relies on the first keyword (e.g., SELECT) and a forbidden-keyword list ...
CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2024-43973
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11...
FasterXML jackson-databind Security Bypass Vulnerability
FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . A security bypass vulnerability exists in FasterXML jackson-databind versions 2.8.11 and earlier and versions 2.9.x through 2.9.3. An attacker...