Coze Studio
Monthly
SQL injection in ByteDance coze-studio up to version 0.5.1 allows authenticated remote attackers to manipulate the ExecuteSQL function in the databaseTool component, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and affects the backend database service layer; the vendor has not responded to disclosure efforts.
SQL injection in ByteDance coze-studio up to version 0.5.1 allows authenticated remote attackers to manipulate the ExecuteSQL function in the databaseTool component, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and affects the backend database service layer; the vendor has not responded to disclosure efforts.