Enviar #769775: CodePhiliaX Chat2DB <=0.3.7 SQL Injectioninformación

TítuloCodePhiliaX Chat2DB <=0.3.7 SQL Injection
DescripciónMultiple high-severity SQL Injection vulnerabilities in DMDBManage.java component. When processing database export operations for DM databases (e.g., via /api/rdb/database/export endpoint), the application fails to validate or sanitize user-supplied parameters such as schemaName and tableName. These parameters are directly concatenated into SQL query templates using String.format(). This allows authenticated attackers to inject malicious SQL clauses, bypass schema isolation, and extract table structures, metadata, and sensitive data from other privileged schemas.
Fuente⚠️ https://github.com/AnalogyC0de/public_exp/issues/21
Usuario
 Ana10gy (UID 93358)
Sumisión2026-03-02 04:15 (hace 2 meses)
Moderación2026-03-14 16:03 (12 days later)
EstadoAceptado
Entrada de VulDB351080 [CodePhiliaX Chat2DB hasta 0.3.7 Database Export DMDBManage.java inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!