CodePhiliaX Chat2DB Unrestricted Upload Vulnerability in JDBC Driver Component

Vulnerability

A critical vulnerability allowing unrestricted upload of arbitrary JAR files has been identified in CodePhiliaX Chat2DB versions through 0.3.7. This issue resides in the JDBC Driver Upload functionality, specifically within the JdbcDriverController.java file. The vulnerability can be exploited remotely by authenticated users, who can upload malicious JAR files that are subsequently loaded and executed by the server, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where Chat2DB is running.

Reproduction

To reproduce this vulnerability, an authenticated user must upload a JAR file containing malicious code through the JDBC driver upload feature. Once the file is uploaded, the server will load the JAR file and execute the malicious code, resulting in remote code execution.
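The defensive counterpart to the upload described above, added here as an illustration and not Chat2DB's code (the page does not say how the project patched it): a Java validator that refuses any uploaded driver JAR whose SHA-256 digest an administrator has not pinned, so the endpoint installs vetted drivers rather than arbitrary archives. The class name `DriverUploadValidator`, the allowlist set and the 32 MiB size cap are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

/** Gatekeeper for an uploaded JDBC driver JAR; runs before the bytes go anywhere near a classpath. */
public final class DriverUploadValidator {
    private static final long MAX_BYTES = 32L * 1024 * 1024; // assumed cap, tune per deployment
    private final Set<String> allowedSha256; // lower-case hex digests of drivers an admin has vetted
    public DriverUploadValidator(Set<String> allowedSha256) { this.allowedSha256 = allowedSha256; }

    /** Throws if the upload must not be loaded; otherwise returns the digest that matched. */
    public String validate(byte[] upload) throws IOException {
        if (upload.length > MAX_BYTES) throw new IOException("driver exceeds size limit");
        // Every loadable JAR is a ZIP: require the local-file-header magic "PK\3\4".
        if (upload.length < 4 || upload[0] != 'P' || upload[1] != 'K' || upload[2] != 3 || upload[3] != 4) {
            throw new IOException("upload is not a JAR/ZIP archive");
        }
        // Walk the entries so a malformed archive or a traversal path fails before any extraction.
        try (ZipInputStream zin = new ZipInputStream(new ByteArrayInputStream(upload))) {
            ZipEntry entry;
            while ((entry = zin.getNextEntry()) != null) {
                String name = entry.getName();
                if (name.startsWith("/") || name.contains("..") || name.contains("\\")) {
                    throw new IOException("rejecting entry path: " + name);
                }
            }
        }
        // Structure checks only prove this is a JAR. Pinning the digest is what turns an
        // "upload anything" endpoint into "install one of these vetted drivers".
        String digest = sha256Hex(upload);
        if (!allowedSha256.contains(digest)) {
            throw new IOException("driver not on the approved list, sha256=" + digest);
        }
        return digest;
    }

    static String sha256Hex(byte[] data) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(data);
            StringBuilder sb = new StringBuilder(d.length * 2);
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory in every Java runtime
        }
    }
}
```

Call `validate` on the raw request bytes before the JAR is written to the driver directory or handed to a class loader; a rejected upload should be logged with its digest so repeated attempts are visible to monitoring.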

Added: Mar 23, 2026, 1:20 PM
Updated: Mar 23, 2026, 1:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.