CVE-2024-10901

EUVD-2025-7089

20.03.2025, 10:15

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as `__init__.py` in the Python's `/site-packages/` directory.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntr_ai	CNA	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Affected Products (NVD)

Vendor	Product	Version
dbgpt	db-gpt	0.6.0

𝑥

= Vulnerable software versions

Known Exploits!

https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18