Showing 1 - 1 of 1

CVE-2023-30625

Status Candidate

Overview

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

Related Files

Rudder Server SQL Injection / Remote Code Execution: Posted Jul 31, 2023; Authored by Ege Balci | Site metasploit.com; This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role in PostgreSQL having superuser permissions by default.; tags | exploit, remote, arbitrary, code execution, sql injection; advisories | CVE-2023-30625; SHA-256 | 4a7457a1bba3ccf6db3434ee961f2c065cceb465b7e915484a770c32bf4d7bab; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 70 files
indoushka 44 files
LiquidWorm 28 files
Debian 22 files
Apple 9 files
Google Security Research 8 files
Emiliano Febbi 4 files
Seth Jenkins 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (430)
Apple (2,125)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,152)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,727)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,169)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,955)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-30625

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems