CVE-2025-51458
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-51458
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51458.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-51458
- Published
- 2025-07-22T20:15:25Z
- Modified
- 2025-10-22T16:20:54.815541Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
SQL Injection in editorsqlrun and queryex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with apieditorv1.editorsqlrun, editorchartrun, and datasource.rdbms.base.queryex.
- References
Affected packages
Git / github.com/eosphoros-ai/db-gpt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/eosphoros-ai/db-gpt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
0.*
0.4.1
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4-alpha
v0.0.5-beta
v0.0.6
v0.0.7
v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.7.0