📦 Db Gpt
by Dbgpt
⚠️ Known Vulnerabilities
This vulnerability allows attackers to upload arbitrary files to any location on the server by exploiting path traversal in the file upload endpoint. Attackers can overwrite critical system files like...
This vulnerability in eosphoros-ai/db-gpt version 0.6.0 allows attackers to write arbitrary files to any location on the server by exploiting the RAG-knowledge endpoint. Attackers can overwrite critic...
This vulnerability in eosphoros-ai/db-gpt allows attackers to execute arbitrary SQL queries via an unprotected web API endpoint, leading to arbitrary file writes and potential remote code execution. I...
This critical vulnerability in eosphoros-ai DB-GPT allows remote attackers to perform path traversal attacks via the import_flow function's File parameter. Attackers can potentially read, write, or de...
DB-GPT versions on Windows systems are vulnerable to arbitrary file deletion through the '/v1/agent/hub/update' endpoint. Attackers can manipulate the 'plugin_repo_name' variable to delete any files o...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in eosphoros-ai/db-gpt version 0.6.0 where the server's CORS middleware allows all origins (*), enabling attackers to make unauthor...
This path traversal vulnerability in db-gpt version 0.6.0 allows attackers to delete arbitrary files on the server by manipulating the file_key parameter in the /v1/resource/file/delete API endpoint. ...
This vulnerability allows unauthenticated attackers to send specially crafted multipart/form-data requests with excessive characters appended to boundaries, causing the server to enter an infinite loo...