PT-2026-27119 · Codephiliax · Codephiliax Chat2Db
Vuldb
+1
·
Published
2026-03-23
·
Updated
2026-03-23
·
CVE-2026-4586
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CodePhiliaX Chat2DB versions up to 0.3.7
Description
A flaw exists in CodePhiliaX Chat2DB that allows for unrestricted file uploads. This issue is located within the
Upload function of the JdbcDriverController.java file, specifically in the chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/ component, related to the JDBC Driver Upload. The attack can be initiated remotely. The exploit has been publicly released.Recommendations
Versions prior to 0.3.7 should be updated. As a temporary workaround, consider restricting access to the
Upload function within the JdbcDriverController.java file until a patch is available.Exploit
Fix
Unrestricted File Upload
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Codephiliax Chat2Db