Home

Description

An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.

PUBLISHED Reserved 2024-12-06 | Published 2024-12-19 | Updated 2025-01-02 | Assigner mitre

References

github.com/summerxxoo/VulnPoc/blob/main/chat2DB_XXE.md

gist.github.com/summerxxoo/18b3ccc91aacd606aa4d48a02029e9e7

cve.org (CVE-2024-55081)

nvd.nist.gov (CVE-2024-55081)

Download JSON