Описание
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE).
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dbgpt:db-gpt:0.6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01087
Низкий
9.1 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.1
github
11 месяцев назад
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users
EPSS
Процентиль: 77%
0.01087
Низкий
9.1 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-89