CVE-2026-4173
Awaiting Analysis - Queue
Remote SQL Injection in CodePhiliaX Chat2DB Database Export Handler

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-03-16
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor        Product   Version / Range
codephiliax   chat2db   0.3.7
codephiliax   chat2db   to 0.3.7 (inc)
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-4173 is a critical SQL Injection vulnerability found in the CodePhiliaX Chat2DB application up to version 0.3.7. It affects multiple functions in the DMDBManage.java file responsible for database export operations. The vulnerability arises because user-supplied inputs such as schemaName and tableName are directly concatenated into SQL query strings using unsafe methods like String.format() without proper validation or sanitization.

This improper handling allows authenticated attackers to inject malicious SQL code remotely, bypassing schema isolation controls and extracting sensitive metadata and data from privileged database schemas. The flaw is due to the lack of parameterized queries and input validation, enabling attackers to manipulate SQL commands executed by the application.


How can this vulnerability impact me?

This vulnerability can have significant impacts on the confidentiality, integrity, and availability of your database systems.

  • Confidentiality: Attackers can extract sensitive data, table structures, views, stored procedures, and metadata from privileged schemas they should not have access to.
  • Integrity: The risk is lower because the typical JDBC executeQuery() method does not support stacked queries, limiting attackers' ability to modify data (UPDATE, INSERT, DELETE).
  • Availability: Attackers could cause localized denial of service by injecting resource-intensive queries that exhaust database resources.

Since the vulnerability is remotely exploitable by authenticated users and a proof-of-concept exploit is publicly available, attackers can leverage this flaw to compromise sensitive information and potentially disrupt database operations. [1, 2, 3]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious SQL injection attempts targeting the /api/rdb/database/export endpoint of CodePhiliaX Chat2DB versions up to 0.3.7. Specifically, look for unusual or malformed inputs in parameters such as schemaName and tableName that may contain SQL injection payloads.

One detection method is to intercept and analyze POST requests to the /api/rdb/database/export endpoint for payloads that include SQL injection patterns, such as those containing logical operators like ' OR '1'='1'.

Example command using curl to test for SQL injection in the schemaName parameter:

  • curl -X POST https://target/api/rdb/database/export -d '{"schemaName": "test' OR '1'='1", "tableName": "someTable"}' -H 'Content-Type: application/json'

Additionally, database query logs can be inspected for queries constructed using string concatenation with suspicious input values. Network intrusion detection systems (NIDS) can be configured to alert on SQL injection patterns targeting this endpoint. [3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Avoid using the vulnerable versions of CodePhiliaX Chat2DB (up to 0.3.7) if possible, and consider replacing the affected component with an alternative product.
  • If continuing to use the affected version, restrict access to the /api/rdb/database/export endpoint to trusted and authenticated users only.
  • Implement strict input validation on parameters such as schemaName and tableName, allowing only alphanumeric characters and underscores with length limits.
  • Modify the source code to replace unsafe string concatenation (String.format) with parameterized queries (PreparedStatement) to safely bind user inputs.

Since the vendor has not provided a patch or response, these mitigations are critical to reduce the risk of exploitation.
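The following Java is an added illustration of the detection and mitigation advice above; it is not Chat2DB code and does not reproduce DMDBManage.java. The class, method and view names (ExportHandlerHardening, exportTableColumnComment, all_col_comments), the double-quote identifier quoting and the log-line layout are assumptions. It pairs the String.format pattern with two hardened forms, because the fix differs by where the name lands in the statement: where schemaName and tableName are compared as values they can be bound with PreparedStatement, but where they are used as identifiers (schema.table in a FROM clause) JDBC cannot bind them, so the allowlist of letters, digits and underscore is the control. The same allowlist is reused to scan request logs for the export endpoint, which is the monitoring step described earlier.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example, not Chat2DB code. All names below are hypothetical. */
public class ExportHandlerHardening {

    // Allowlist from the mitigation list: letters, digits, underscore, bounded length.
    private static final Pattern SAFE_IDENTIFIER = Pattern.compile("^[A-Za-z0-9_]{1,64}$");

    static void requireSafeIdentifier(String value, String paramName) {
        if (value == null || !SAFE_IDENTIFIER.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected " + paramName + ": not a plain identifier");
        }
    }

    // BEFORE (the CWE-89 pattern): request fields are formatted straight into the SQL text.
    static String vulnerableColumnCommentSql(String schemaName, String tableName) {
        return String.format(
            "SELECT column_name, comments FROM all_col_comments"
            + " WHERE owner = '%s' AND table_name = '%s'", schemaName, tableName);
    }

    // AFTER, case 1: the names are compared as VALUES, so they are bound with '?' placeholders.
    // Needs a live JDBC Connection; the view name all_col_comments is an assumption.
    static List<String[]> exportTableColumnComment(Connection conn, String schemaName,
                                                   String tableName) throws SQLException {
        requireSafeIdentifier(schemaName, "schemaName");
        requireSafeIdentifier(tableName, "tableName");
        String sql = "SELECT column_name, comments FROM all_col_comments"
                   + " WHERE owner = ? AND table_name = ?";
        List<String[]> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, schemaName);
            ps.setString(2, tableName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new String[] { rs.getString(1), rs.getString(2) });
                }
            }
        }
        return rows;
    }

    // AFTER, case 2: the names are IDENTIFIERS. JDBC cannot bind identifiers, so the allowlist
    // is the control; quoting (assumed SQL-standard double quotes) only avoids keyword clashes.
    static String quotedIdentifier(String value, String paramName) {
        requireSafeIdentifier(value, paramName);
        return "\"" + value + "\"";   // no escaping needed: the allowlist excludes quotes
    }

    static String exportTableReadSql(String schemaName, String tableName) {
        return "SELECT * FROM " + quotedIdentifier(schemaName, "schemaName")
             + "." + quotedIdentifier(tableName, "tableName");
    }

    // Detection: flag export requests whose identifier fields fail the same allowlist.
    // Matches "schemaName":"..." / "tableName":"..." inside a logged JSON body.
    private static final Pattern FIELD =
        Pattern.compile("\"(schemaName|tableName)\"\\s*:\\s*\"((?:[^\"\\\\]|\\\\.)*)\"");

    static List<String> flagSuspiciousExportRequests(List<String> logLines) {
        List<String> findings = new ArrayList<>();
        for (String line : logLines) {
            if (!line.contains("/api/rdb/database/export")) continue;
            Matcher m = FIELD.matcher(line);
            while (m.find()) {
                String field = m.group(1);
                String value = m.group(2);
                if (!SAFE_IDENTIFIER.matcher(value).matches()) {
                    findings.add("suspicious " + field + "=" + value + " in: " + line);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        System.out.println("before: " + vulnerableColumnCommentSql("sales", "orders"));
        System.out.println("after:  " + exportTableReadSql("sales", "orders"));
        try {
            exportTableReadSql("sales", "orders'");
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        // Constructed request-log lines (assumed layout), not real Chat2DB logs.
        List<String> constructedLog = List.of(
            "2026-03-16T10:00:01Z POST /api/rdb/database/export {\"schemaName\":\"sales\",\"tableName\":\"orders\"}",
            "2026-03-16T10:00:02Z POST /api/rdb/database/export {\"schemaName\":\"test' OR '1'='1\",\"tableName\":\"someTable\"}",
            "2026-03-16T10:00:03Z GET /api/health");
        flagSuspiciousExportRequests(constructedLog).forEach(System.out::println);
    }
}
```

Running main exercises the allowlist and the log scan offline; exportTableColumnComment is only callable with a real Connection. The scan reports the second constructed line (its schemaName contains quotes and spaces) and ignores the first and third, which is the behaviour to wire into a log pipeline or NIDS rule for the endpoint.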

