CVE-2024-55081

Published: Dec 19, 2024Modified: Jan 2, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://gist.github.com/summerxxoo/18b3ccc91aacd606aa4d48a02029e9e7

Source: cve@mitre.org

https://github.com/summerxxoo/VulnPoc/blob/main/chat2DB_XXE.md

Source: cve@mitre.org

Timeline

No history available yet.