Jackieya

**Name of the Vulnerable Software and Affected Versions** MaxKB versions prior to 2.8.0 **Description** A Remote Code Execution issue exists in the MCP node of the workflow engine. The system fails to properly validate user-supplied JSON when loading `mcp servers`, as the fix for a previous issue only restricted the referencing code path. Because the `mcp source` variable is optional, an attacker can bypass existing restrictions by omitting it or providing a non-referencing value. By sending a crafted JSON payload to the workflow creation API, an attacker can inject an MCP node configuration using stdio transport with arbitrary commands and arguments, leading to code execution when the workflow is triggered via chat. **Recommendations** Update to version 2.8.0.

**Name of the Vulnerable Software and Affected Versions** SQLBot versions prior to 1.7.0 **Description** SQLBot is a data query system utilizing a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) issue that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the `/api/v1/datasource/check` endpoint by configuring a forged MySQL data source with a malicious parameter `extraJdbc='local infile=1'`. When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled MySQL server issues a malicious `LOAD DATA LOCAL INFILE` command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem and transmit the contents back to the attacker. **Recommendations** Update SQLBot to version 1.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** SQLBot versions prior to 1.7.0 **Description** SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection issue in the `/api/v1/datasource/uploadExcel` endpoint that enables Remote Code Execution (RCE). Any authenticated user, even with the lowest privileges, can fully compromise the backend server. The root cause is that Excel sheet names are directly concatenated into PostgreSQL table names without sanitization (datasource.py#L351), and these table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character sheet name limit using a two-stage technique: first, uploading a normal file with shell commands in its data rows, and then uploading a manipulated XML file with a sheet name that injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. **Recommendations** Versions prior to 1.7.0 should be updated to version 1.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** SQLBot versions 1.5.0 and below **Description** SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection issue that combines three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM's system prompt. These flaws allow an attacker to hijack the LLM's reasoning to generate malicious PostgreSQL commands (e.g., `COPY ... TO PROGRAM`), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The API endpoint used for malicious uploads is the Excel upload API. The vulnerable parameter is the uploaded Excel file containing malicious terminology. **Recommendations** Versions prior to 1.6.0 should be updated to version 1.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** HuankeMao SCRM versions up to 0.0.3 **Description** A critical issue has been found in the Administrator Backend component, specifically in the function `upload domain verification file` of the file `WxkConfig.php`. The manipulation of the argument `domain verification file` leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For HuankeMao SCRM versions up to 0.0.3, as a temporary workaround, consider disabling the `upload domain verification file` function until a patch is available. Restrict access to the `WxkConfig.php` file to minimize the risk of exploitation. Avoid using the `domain verification file` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 3.0.6 Description: A vulnerability was found in the Yunke Online School System, affecting the `downfile` function of the file `application/admin/controller/Appadmin.php`. The manipulation of the `url` argument leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For versions up to 3.0.6, as a temporary workaround, consider disabling the `downfile` function until a patch is available. Restrict access to the `application/admin/controller/Appadmin.php` file to minimize the risk of exploitation. Avoid using the `url` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.