A critical code injection vulnerability has been discovered in eosphoros-ai db-gpt version 0.7.5. The flaw affects the Flow Import Endpoint component, specifically the importlib.machinery.SourceFileLoader.exec_module function in the /api/v1/serve/awel/flow/import file. Attackers can exploit this vulnerability remotely through file manipulation to achieve code injection. The exploit has been publicly released and is available for active attacks. The vendor was contacted about the disclosure but has not responded.