CVE-2024-10902
CRITICAL
db-gpt v0.6.0 - Unauthenticated Arbitrary File Upload and Path Traversal via Agent Upload API
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to any location on the victim's file system. The impact of this vulnerability includes the potential for remote code execution (RCE) by writing malicious files, such as a malicious `__init__.py` in the Python `site-packages` directory.
References (1)
Exploit, Third Party Advisory
https://huntr.com/bounties/f7fbf76e-aa1c-4106-b007-e9579f4f7d5f
Scores
CVSS v3
9.8
EPSS
0.0180
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
dbgpt/db-gpt
0.6.0
pypi/dbgpt
PyPI
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026