CVE-2024-10830
published 2025-03-20


Priority: P3 51, high, 8.2 (CVSS 3.0)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.67% (47.3th percentile)

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete any file on the server by manipulating the `file_key` parameter. The `file_key` parameter is not properly sanitized, enabling an attacker to specify arbitrary file paths. If the specified file exists, the application will delete it.
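
One way to enforce the containment check the description says is missing for `file_key`, shown as an added example that is not db-gpt's code or its fix. The names `resolve_file_key`, `delete_file` and `UnsafeFileKey`, and the `uploads` directory layout, are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class UnsafeFileKey(ValueError):
    """Raised when a file_key would resolve outside the storage root."""


def resolve_file_key(root: str, file_key: str) -> Path:
    """Map file_key to a path that is guaranteed to live under root."""
    if not file_key or "\x00" in file_key:
        raise UnsafeFileKey("empty or malformed file_key")
    base = Path(root).resolve()
    # Joining alone is not enough: ".." segments survive a join and an absolute
    # file_key replaces the root. Resolve first, then check containment.
    candidate = (base / file_key).resolve()
    if candidate == base or not candidate.is_relative_to(base):
        raise UnsafeFileKey(f"file_key escapes storage root: {file_key!r}")
    return candidate


def delete_file(root: str, file_key: str) -> bool:
    """Delete only regular files inside root; False if there is nothing to delete."""
    target = resolve_file_key(root, file_key)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    # Constructed sample layout: a storage root plus one file outside it.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "uploads")
        root.mkdir()
        (root / "report.csv").write_text("ok")
        outside = Path(tmp, "app.conf")
        outside.write_text("keep me")
        out = {}
        for label, key in (("inside", "report.csv"), ("dotdot", "../app.conf"),
                           ("absolute", str(outside))):
            try:
                out[label] = delete_file(str(root), key)
            except UnsafeFileKey:
                out[label] = "rejected"
        out["outside_survives"] = outside.exists()
        return out
```

Because the path is resolved before the check, a symlink inside the root that points elsewhere is rejected as well; `Path.is_relative_to` requires Python 3.9 or later.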

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| dbgpt | db-gpt | | |
| eosphoros-ai | eosphoros-ai_db-gpt | unspecified – latest | |