जमा करें #775593: erupts erupt erupt ≤ 1.13.3 Improper Input Validationजानकारी

शीर्षक	erupts erupt erupt ≤ 1.13.3 Improper Input Validation
विवरण	Erupt contains an arbitrary HQL (Hibernate Query Language) execution vulnerability in the MCP (Model Context Protocol) tool interface. The EruptDataQuery function accepts user-controlled HQL queries without validation or sanitization, allowing authenticated attackers with OpenAPI credentials to execute arbitrary database queries and extract sensitive data.
स्रोत	⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink
उपयोगकर्ता	xcxr (UID 86629)
सबमिशन	09/03/2026 07:49 AM (2 महीनों पहले)
संयम	22/03/2026 12:59 PM (13 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	352430 [erupts erupt तक 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery SQL इंजेक्शन]
अंक	19

Interested in the pricing of exploits?

See the underground prices here!