Submeter #706120: FIT2CLOUD SQLBot 1.3.0 Missing Authenticationinformação

TítuloFIT2CLOUD SQLBot 1.3.0 Missing Authentication
DescriçãoSQLBot version 1.3.0 and earlier contains a missing authentication vulnerability in the `/api/v1/datasource/uploadExcel` endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data directly into the PostgreSQL database.
Fonte⚠️ https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-Unauthenticated-File-Upload.md
Utilizador
 yaowenxiao (UID 82929)
Submissão04/12/2025 09h02 (há 6 meses)
Moderação18/02/2026 09h51 (3 months later)
EstadoAceite
Entrada VulDB342228 [Dataease SQLBot até 1.4.x Endpoint uploadExcel to_sql Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!