CVE-2026-3409

MEDIUM 6.9 / 10.0
Published: March 2, 2026 at 05:16 AM
Modified: March 2, 2026 at 08:30 PM
Source: cna@vuldb.com

Vulnerability Description

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Metrics

Base Score: 6.9
Severity: MEDIUM
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

Source: cna@vuldb.com

AI Security Analysis

01 // Technical Summary

A critical vulnerability in eosphoros-ai db-gpt 0.7.5 allows remote code execution (RCE). Exploiting the importlib.machinery.SourceFileLoader.exec_module function within the Flow Import Endpoint lets attackers inject and execute arbitrary code, potentially leading to complete system compromise. The vendor has not responded to the disclosure, and a public exploit is available, making this a high-priority threat.

02 // Vulnerability Mechanism

Step 1: Payload Preparation: The attacker crafts a malicious Python file. This file contains arbitrary Python code designed to achieve the attacker's objectives (e.g., reverse shell, data exfiltration, privilege escalation).

Step 2: Payload Delivery: The attacker uses the Flow Import Endpoint to upload or provide the path to the crafted malicious Python file. This endpoint is designed to import and execute Python code related to data flows.

Step 3: File Processing: The importlib.machinery.SourceFileLoader.exec_module function is invoked, processing the uploaded file. Due to the vulnerability, the file's contents are not properly validated.

Step 4: Code Execution: The malicious Python code within the uploaded file is executed by the server, within the context of the db-gpt application. This allows the attacker to execute arbitrary commands, potentially gaining full control of the system.

03 // Deep Technical Analysis

The vulnerability stems from insufficient input validation and sanitization within the Flow Import Endpoint's handling of file imports. Specifically, the importlib.machinery.SourceFileLoader.exec_module function, when processing user-supplied file content, fails to properly sanitize the input. This allows an attacker to craft a malicious file containing Python code that is then executed within the context of the db-gpt application. The lack of proper input validation allows for code injection, enabling the attacker to execute arbitrary commands on the server. The root cause is a logic flaw where the application trusts the imported file's contents without verifying its integrity or origin. This bypasses security controls and grants attackers the ability to execute malicious code.
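The trust problem described above, as an added example (not code from db-gpt or from this advisory): `load_unverified` reproduces the generic `SourceFileLoader.exec_module` pattern on a harmless constructed file, and `load_verified`, a hypothetical guard, executes only bytes whose SHA-256 digest is on an allow-list. The function names, the file name and the allow-list are assumptions.

```python
import hashlib
import importlib.machinery
import importlib.util
import os
import tempfile
import types

# Constructed stand-in for an uploaded flow file: one harmless top-level
# statement whose presence on the module proves the loader executed it.
UPLOADED_SOURCE = b"SIDE_EFFECT = 'top-level code ran at import time'\n"


def load_unverified(path):
    """The pattern the CVE describes: exec_module runs whatever the file contains."""
    loader = importlib.machinery.SourceFileLoader("uploaded_flow", path)
    spec = importlib.util.spec_from_loader(loader.name, loader)
    module = importlib.util.module_from_spec(spec)
    loader.exec_module(module)  # every top-level statement executes here
    return module


def load_verified(path, trusted_sha256):
    """Hypothetical guard: execute only bytes whose digest is allow-listed."""
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    if digest not in trusted_sha256:
        raise PermissionError(f"refusing to import untrusted file (sha256={digest})")
    module = types.ModuleType("verified_flow")
    # Run the exact bytes that were hashed, not a second read of the path,
    # so the file cannot be swapped between the check and the execution.
    exec(compile(data, path, "exec"), module.__dict__)
    return module


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "flow_upload.py")
        with open(path, "wb") as fh:
            fh.write(UPLOADED_SOURCE)
        ran = hasattr(load_unverified(path), "SIDE_EFFECT")
        try:
            load_verified(path, trusted_sha256=set())
            blocked = False
        except PermissionError:
            blocked = True
        approved = {hashlib.sha256(UPLOADED_SOURCE).hexdigest()}
        allowed = hasattr(load_verified(path, approved), "SIDE_EFFECT")
        return ran, blocked, allowed
```

`demo()` returns three flags: the unverified load executed the file, the guard rejected it with an empty allow-list, and the guard ran it once its digest was approved.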

CVE-2026-3409 - MEDIUM Severity (6.9) | Free CVE Database | 4nuxd