CVE-2024-55081

9.8

Critical

Published:19 Dec 2024

Last updated:17 Jun 2026

Source:cve@mitre.org

Deferred

Weakness (CWE)

CWE-611XML External Entity (XXE)

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.

References

cve@mitre.org

https://gist.github.com/summerxxoo/18b3ccc91aacd606aa4d48a02029e9e7

cve@mitre.org

https://github.com/summerxxoo/VulnPoc/blob/main/chat2DB_XXE.md