CVE-2025-9148 | CodePhiliaX Chat2DB up to 0.3.7 JDBC Connection DataSourceController.java sql injection

A vulnerability labeled as critical has been found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection.

This vulnerability is identified as CVE-2025-9148. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9148 | CodePhiliaX Chat2DB up to 0.3.7 JDBC Connection DataSourceController.java sql injection

Post correlati

CVE-2024-24312 | Vaales V_QRS 2024-01-17 Models/UserModel.php sql injection

CVE-2023-6908 | DFIRKuiper 2.3.4 TAR Archive case_management.py unzip_file dst_path path traversal (ID 106)

CVE-2024-44302 | Apple tvOS Font information disclosure

CVE-2024-12626 | AutomatorWP Plugin up to 5.0.9 on WordPress a-0-o-search_field_value cross site scripting