Showing 1 - 1 of 1

CVE-2023-30625

Status Candidate

Overview

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

Related Files

Rudder Server SQL Injection / Remote Code Execution: Posted Jul 31, 2023; Authored by Ege Balci | Site metasploit.com; This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role in PostgreSQL having superuser permissions by default.; tags | exploit, remote, arbitrary, code execution, sql injection; advisories | CVE-2023-30625; SHA-256 | 4a7457a1bba3ccf6db3434ee961f2c065cceb465b7e915484a770c32bf4d7bab; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 225 files
indoushka 116 files
Ubuntu 84 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,101)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,815)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,569)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,756)
UNIX (9,438)
UnixWare (187)
Windows (6,674)
Other

CVE-2023-30625

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems