CVE-2025-9148: SQL Injection in CodePhiliaX Chat2DB
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9148: SQL Injection in CodePhiliaX Chat2DB
Description
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-08-19T07:42:37.251Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68a4b1bfad5a09ad00f96724
Added to database: 8/19/2025, 5:17:51 PM
Last updated: 8/19/2025, 5:17:51 PM
Views: 1
Related Threats
CVE-2025-54881: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in mermaid-js mermaid
MediumCVE-2025-51506: n/a
HighCVE-2025-54880: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in mermaid-js mermaid
MediumCVE-2025-9147: Cross Site Scripting in jasonclark getsemantic
MediumCVE-2025-52478: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in n8n-io n8n
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.