제출 #775593: erupts erupt erupt ≤ 1.13.3 Improper Input Validation정보

제목	erupts erupt erupt ≤ 1.13.3 Improper Input Validation
설명	Erupt contains an arbitrary HQL (Hibernate Query Language) execution vulnerability in the MCP (Model Context Protocol) tool interface. The EruptDataQuery function accepts user-controlled HQL queries without validation or sanitization, allowing authenticated attackers with OpenAPI credentials to execute arbitrary database queries and extract sensitive data.
원천	⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink
사용자	xcxr (UID 86629)
제출	2026. 03. 09. AM 07:49 (2 개월 ago)
모더레이션	2026. 03. 22. PM 12:59 (13 days later)
상태	수락
VulDB 항목	352430 [erupts erupt 까지 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery SQL 주입]
포인트들	19

Want to know what is going to be exploited?

We predict KEV entries!