
Aix-DB up to 1.2.3 allows local SQL injection attacks

CVE-2026-4530
Summary

A SQL injection issue in Aix-DB versions up to 1.2.3 can allow an attacker to manipulate database queries, which could lead to unauthorized access or data tampering. The attack is local, which means an attacker would need to have access to the system. It's recommended to update to the latest version to fix this issue.

Original title
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument...
Original description
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in SQL injection. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 4.3
NVD CVSS 3.1: 5.3
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-74 Injection
CWE-89 SQL Injection
Published: 22 Mar 2026 · Updated: 22 Mar 2026 · First seen: 22 Mar 2026