Submeter #775593: erupts erupt erupt ≤ 1.13.3 Improper Input Validationinformação

Títuloerupts erupt erupt ≤ 1.13.3 Improper Input Validation
DescriçãoErupt contains an arbitrary HQL (Hibernate Query Language) execution vulnerability in the MCP (Model Context Protocol) tool interface. The EruptDataQuery function accepts user-controlled HQL queries without validation or sanitization, allowing authenticated attackers with OpenAPI credentials to execute arbitrary database queries and extract sensitive data.
Fonte⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink
Utilizador
 xcxr (UID 86629)
Submissão09/03/2026 07h49 (há 2 meses)
Moderação22/03/2026 12h59 (13 days later)
EstadoAceite
Entrada VulDB352430 [erupts erupt até 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery Injeção SQL]
Pontos19

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!