Submission #769775: CodePhiliaX Chat2DB <=0.3.7 SQL Injection

Title: CodePhiliaX Chat2DB <=0.3.7 SQL Injection
Description: Multiple high-severity SQL Injection vulnerabilities in the DMDBManage.java component. When processing database export operations for DM databases (e.g., via the /api/rdb/database/export endpoint), the application fails to validate or sanitize user-supplied parameters such as schemaName and tableName. These parameters are directly concatenated into SQL query templates using String.format(). This allows authenticated attackers to inject malicious SQL clauses, bypass schema isolation, and extract table structures, metadata, and sensitive data from other privileged schemas.
Source: https://github.com/AnalogyC0de/public_exp/issues/21
User: Ana10gy (UID 93358)
Submitted: 02/03/2026 04:15 (2 months ago)
Moderated: 14/03/2026 16:03 (12 days later)
Status: Accepted
VulDB entry: 351080 [CodePhiliaX Chat2DB up to 0.3.7 Database Export DMDBManage.java SQL Injection]
Points: 20
