إرسال #706120: FIT2CLOUD SQLBot 1.3.0 Missing Authenticationالمعلومات

عنوانFIT2CLOUD SQLBot 1.3.0 Missing Authentication
الوصفSQLBot version 1.3.0 and earlier contains a missing authentication vulnerability in the `/api/v1/datasource/uploadExcel` endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data directly into the PostgreSQL database.
المصدر⚠️ https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-Unauthenticated-File-Upload.md
المستخدم
 yaowenxiao (UID 82929)
ارسال04/12/2025 09:02 AM (6 أشهر منذ)
الاعتدال18/02/2026 09:51 AM (3 months later)
الحالةتمت الموافقة
إدخال VulDB342228 [Dataease SQLBot حتى 1.4.x Endpoint uploadExcel to_sql توثيق ضعيف]
النقاط20

التالي نظرة عامة السابق

Do you know our Splunk app?

Download it now for free!