Safety vulnerability ID: 76286
The information on this page was manually curated by our Cybersecurity Intelligence Team.
In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as __init__.py in Python's /site-packages/ directory.
Latest version: 0.7.0
DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application