Lucene search
K

6 matches found

0day.today
0day.today
added 2023/08/01 12:0 a.m.369 views

Rudder Server SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

8.8CVSS9.1AI score0.85825EPSS
Exploits4
Metasploit
Metasploit
added 2023/07/31 7:52 p.m.462 views

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

8.8CVSS8.8AI score0.85825EPSS
Exploits4
Circl
Circl
added 2023/07/31 1:41 p.m.42 views

CVE-2023-30625

creationtimestamp| type| source ---|---|--- 2023-07-31 13:41:50+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rudderserversqlirce.rb 2023-10-04 00:55:17+00:00| published-proof-of-concept| https://t.me/codeb0ss/1207 2023-10-11 03:23:45+00:00|...

8.8CVSS7.3AI score0.85825EPSS
In wildExploits4References9
Packet Storm
Packet Storm
added 2023/07/31 12:0 a.m.314 views

Rudder Server SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...

8.8CVSS7.1AI score0.85825EPSS
Exploits4
Cvelist
Cvelist
added 2023/06/16 4:4 p.m.63 views

CVE-2023-30625 rudder-server vulnerable to SQL Injection

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS9.5AI score0.85825EPSS
Exploits4References8
CVE
CVE
added 2023/06/16 4:4 p.m.101 views

CVE-2023-30625

Rudder-server (RudderStack CDP) prior to version 1.3.0-rc.1 is affected by an SQL injection that can lead to remote code execution because the postgres user rutde_rudder is granted superuser privileges by default. Affected component: rudder-server in RudderStack; vulnerability is triggered via SQ...

8.8CVSS9.1AI score0.85825EPSS
In wildExploits4References8Affected Software1
Rows per page
Query Builder