
Description

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` executes attacker-supplied SQL queries without any authentication or authorization check. An attacker can use this unrestricted query execution for Arbitrary File Write, writing files of their choosing to the victim's file system. That in turn can lead to Remote Code Execution (RCE), for example by dropping a malicious `__init__.py` into Python's `site-packages/` directory, where it is imported automatically.

Status: PUBLISHED | Reserved 2024-11-05 | Published 2025-03-20 | Updated 2025-03-20 | Assigner: huntr_ai

Severity: CRITICAL 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Any version: affected

References

huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18

cve.org (CVE-2024-10901)

nvd.nist.gov (CVE-2024-10901)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.