إرسال #707291: FIT2CLOUD SQLBot 1.3.0 Improper Verification of Cryptographic Signatureالمعلومات

عنوان	FIT2CLOUD SQLBot 1.3.0 Improper Verification of Cryptographic Signature
الوصف	SQLBot version 1.3.0 and earlier contains a JWT signature verification bypass vulnerability in the embedded authentication mechanism. The validateEmbedded function explicitly disables both signature verification (verify_signature: False) and expiration verification (verify_exp: False) when decoding JWT tokens, allowing an attacker to forge arbitrary JWT tokens and impersonate any user if they know a valid assistant/embedded ID.
المصدر	⚠️ https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md
المستخدم	yaowenxiao (UID 82929)
ارسال	05/12/2025 04:29 PM (4 أشهر منذ)
الاعتدال	01/03/2026 07:31 AM (3 months later)
الحالة	تمت الموافقة
إدخال VulDB	348292 [Dataease SQLBot حتى 1.5.1 JWT Token auth.py validateEmbedded توثيق ضعيف]
النقاط	20

Want to know what is going to be exploited?

We predict KEV entries!