CVE-2024-10901

CriticalPublic PoC

Published: 20 March 2025

Published

20 March 2025

Modified

17 July 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0154 81.4th percentile

Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse Python commands and scripts for execution.

Security Summary

CVE-2024-10901 is a critical vulnerability in eosphoros-ai/db-gpt version v0.6.0, where the web API endpoint `POST /api/v1/editor/chart/run` permits execution of arbitrary SQL queries without any access control. This flaw enables attackers to perform arbitrary file writes on the victim's file system. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated attackers with network access can exploit this vulnerability by sending crafted requests to the affected API endpoint, leading to arbitrary SQL execution. This allows them to write malicious files anywhere on the file system, potentially achieving remote code execution (RCE). For instance, attackers could write a malicious `__init__.py` file into Python's `/site-packages/` directory to execute arbitrary code.

The primary advisory is available at https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18, which details the vulnerability discovered through a bug bounty program. Security practitioners should consult this reference for specific mitigation guidance, such as upgrading to a patched version of db-gpt or implementing access controls on the API endpoint.

Details

CWE(s): CWE-434

Affected Products

dbgpt

db-gpt

0.6.0

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: DB-GPT (eosphoros-ai/db-gpt) is an open-source platform for building enterprise AI-native applications and private AI assistants powered by LLMs for database interactions, fitting the Enterprise AI Assistants category. The vulnerability is in its web API, confirmed AI-related via AI/ML bug bounty platform.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

T1059.006 Python Execution

Adversaries may abuse Python commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Unauthenticated web API allows arbitrary SQL execution (T1190: Exploit Public-Facing Application), enabling database data collection (T1213.006: Databases) and arbitrary file writes to site-packages for Python RCE (T1059.006: Python).

References

https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18
Exploit, Third Party Advisory · security@huntr.dev