276 matches found
CVE-2025-1520
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1521
PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...
CVE-2025-1522
PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1522
CVE-2025-1522 describes a server-side request forgery and information disclosure in PostHog related to the implementation of the database_schema method. The flaw stems from insufficient validation of a URI before accessing resources, enabling an attacker to disclose data within the service accoun...
CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...
CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...
CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...
CVE-2025-1521
CVE-2025-1521 concerns PostHog's slack_incoming_webhook processing. The vulnerability stems from inadequate validation of a URI before accessing resources, enabling a network-based SSRF that can disclose sensitive information and potentially execute code in the service account context. The initia...
CVE-2025-1520
Summary of CVE-2025-1520 : Affected product family is PostHog, specifically the ClickHouse Table Functions component. The vulnerability is a SQL injection leading to remote code execution, stemming from improper validation of a user-supplied string used to construct SQL queries within the SQL par...
CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
PostHog 代码问题漏洞
PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from the lack of validation of the URI when the slackincomingwebhook parameter is processed, which could lead to server-side request forgery and information disclosure...
PostHog 代码问题漏洞
PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from the databaseschema method implementation not validating the URI, which could lead to server-side request forgery and information disclosure...
PostHog SQL注入漏洞
PostHog is an all-in-one open source platform from PostHog Open Source. PostHog suffers from a SQL injection vulnerability that stems from a SQL parser implementation that does not validate user input, which could lead to SQL injection and remote code execution...
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the databaseschema method. The issue results from the lack of proper...
PT-2025-7891 · Posthog · Posthog
Name of the Vulnerable Software and Affected Versions: PostHog affected versions not specified Description: The issue is related to a Server-Side Request Forgery SSRF and Information Disclosure vulnerability in the database schema of PostHog. Recommendations: At the moment, there is no informatio...