Submit #769775: CodePhiliaX Chat2DB <=0.3.7 SQL Injectioninfo

TitleCodePhiliaX Chat2DB <=0.3.7 SQL Injection
DescriptionMultiple high-severity SQL Injection vulnerabilities in DMDBManage.java component. When processing database export operations for DM databases (e.g., via /api/rdb/database/export endpoint), the application fails to validate or sanitize user-supplied parameters such as schemaName and tableName. These parameters are directly concatenated into SQL query templates using String.format(). This allows authenticated attackers to inject malicious SQL clauses, bypass schema isolation, and extract table structures, metadata, and sensitive data from other privileged schemas.
Source⚠️ https://github.com/AnalogyC0de/public_exp/issues/21
User
 Ana10gy (UID 93358)
Submission03/02/2026 04:15 (2 months ago)
Moderation03/14/2026 16:03 (12 days later)
StatusAccepted
VulDB entry351080 [CodePhiliaX Chat2DB up to 0.3.7 Database Export DMDBManage.java sql injection]
Points20

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!