CVE-2026-4173

Summary

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
CodePhiliaXChat2DB0.3.0affected
CodePhiliaXChat2DB0.3.1affected
CodePhiliaXChat2DB0.3.2affected
CodePhiliaXChat2DB0.3.3affected
CodePhiliaXChat2DB0.3.4affected
CodePhiliaXChat2DB0.3.5affected
CodePhiliaXChat2DB0.3.6affected
CodePhiliaXChat2DB0.3.7affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References