CVE Details
Basic Information
| Title | hitsz-ids airda completions execute sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-08T01:32:07.956Z |
| Modified | 2025-07-08T01:32:07.956Z |
Product Information
| Vendor | hitsz-ids |
|---|---|
| Product | airda |
| Version | 0.0.3 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the execute function of airda version 0.0.3, allowing remote attackers to inject malicious SQL code via the question argument. This can lead to unauthorized data access and manipulation. |
|---|---|
| AI Severity | Medium |
| AI Vendor | hitsz-ids |
| AI Product | airda |
| AI Version | 0.0.3 |
Affected Products
- hitsz-ids airda 0.0.3
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument question leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.