CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
A flaw has been found in eosphoros-ai db-gpt up to version 0.7.5. This vulnerability affects unknown code in the file /api/v1/editor/ of the component Incomplete Fix. The manipulation leads to SQL injection. The attack can be initiated remotely. An exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
SQL injection in eosphoros-ai db-gpt versions up to 0.7.5 allows unauthenticated remote attackers to manipulate the /api/v1/editor/ endpoint and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. …
Remediation
Within 24 hours: Identify all systems running DB-GPT up to version 0.7.5 and immediately isolate them from production networks or restrict access to the /api/v1/editor/ endpoint via firewall rules. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns targeting the vulnerable endpoint, and monitor for suspicious database activity. …
EUVD-2026-13804