Submit #628912: CodePhiliaX Chat2DB 0.3.7 JDBC Connection Remote Code Execution

Title: CodePhiliaX Chat2DB 0.3.7 JDBC Connection Remote Code Execution
Description: Chat2DB is an intelligent, universal SQL client and data reporting tool that integrates AI capabilities. Chat2DB versions ≤ v0.3.5 have a security vulnerability. The vulnerability stems from the component /datasource/pre_connect interface not checking and restricting the URL entered by the user, allowing attackers to execute arbitrary code by providing a carefully crafted URL.
Source: https://hip-motorcycle-97a.notion.site/Chat2DB-H2-JDBC-Connection-Remote-Code-Execution-2465f5e4caac80999d51dc98e8fc935f
User: jmx0hxq (UID 63891)
Submission: 08/05/2025 15:41 (9 months ago)
Moderation: 08/19/2025 09:42 (14 days later)
Status: Accepted
VulDB entry: 320527 [CodePhiliaX Chat2DB up to 0.3.7 JDBC Connection DataSourceController.java sql injection]
Points: 17
