CNNVD-202507-2570 Information

CNNVD ID

CNNVD-202507-2570

Related CVE

CVE-2025-7894

• CNNVD Published: 2025-07-20

Description (Chinese)

Titanium OnyX是Titanium公司的一个多功能应用程序。 Titanium OnyX 0.29.1及之前版本存在注入漏洞，该漏洞源于对文件backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py中函数generate_simple_sql的错误操作导致SQL注入。

Description (English)

Titanium OnyX is a multifunctional application of Titanium. Titanium OnyX 0.29.1 and previous versions had an injection loophole, which stemmed from an error in the function generate simple sql sql injection of the central function of Titanium OnyX 0.291 and previous versions of document Backend/onyx/agents/agent search/kb search/nodes/a3 generate sql.py.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

Titanium

Published

2025-07-20

Last Modified

2026-02-24

References

https://www.cnblogs.com/aibot/p/18982747 https://vuldb.com/?submit.615322 https://vuldb.com/?id.317009 https://vuldb.com/?ctiid.317009 https://access.redhat.com/security/cve/cve-2025-7894