Filtered by vendor Eosphoros-ai
Filtered by product Db-gpt
Total: 3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-51459 | 1 Eosphoros-ai | 1 Db-gpt | 2025-07-25 | 6.5 Medium |
File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with plugin_hub._sanitize_filename and plugins_util.scan_plugins. | ||||
CVE-2025-51458 | 1 Eosphoros-ai | 1 Db-gpt | 2025-07-25 | 6.5 Medium |
SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with api_editor_v1.editor_sql_run, editor_chart_run, and datasource.rdbms.base.query_ex. | ||||
CVE-2025-6772 | 1 Eosphoros-ai | 1 Db-gpt | 2025-07-14 | 7.3 High |
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||