32 matches found
CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...
Exploit for CVE-2023-38646
CVE-2023-38646-PoC-Metabase Proof-of-Concept script for exploi...
Exploit for CVE-2023-38646
Metabase Pre-Authentication RCE CVE-2023-38646 CVE-2023-38...
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646 !/usr/bin/env python3 import socke...
Metabase 0.46.6 - Pre-Auth Remote Code Execution
Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Google Dork: N/A Date: 13-10-2023 Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646...
Metabase RCE (CVE-2023-38646)
The version of Metabase installed on the remote host is 0.46.x 0.46.6.1, 0.45.x 0.45.4.1, 1.45.x 1.45.4.1, 0.44.x 0.44.7.1, 1.44.x 1.44.7.1, 0.43.x 0.43.7.2, and 1.43.x 1.43.7.2. It is, therefore, affected by a command execution vulnerability when a malicious attacker sends a specially crafted...
Exploit for CVE-2023-38646
CVE-2023-38646 Metabase Pre-Auth RCE 11/26/2023 Metabase ope...
VulnCheck KEV: CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1,...
Exploit for CVE-2023-38646
Metabase Pre-Auth RCE POC - CVE-2023-38646 Metabase open sourc...
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
Exploit for CVE-2023-38646
CVE-2023-38646 A python RCE exploit for CVE-2023-38646 Us...
Exploit for CVE-2023-38646
CVE-2023-38646 - Metabase RCE Metabase open source before 0.46...
Exploit for CVE-2023-38646
CVE-2023-38646 - Metabase Pre-Auth RCE ⚠️ For educatio...
Exploit for CVE-2023-38646
CVE-2023-38646-exploit "This vulnerability, designated as CVE-...
Exploit for CVE-2023-38646
CVE-2023-38646-exploit "This vulnerability, designated as CVE-...
Exploit for CVE-2023-38646
CVE-2023-38646-exploit "This vulnerability, designated as CVE-...
Exploit for CVE-2023-38646
CVE-2023-38646 Fork of kh4sh3i'shttps://github.com/kh4sh...
Exploit for CVE-2023-38646
Metabase Metabase is an open source business intelligence tool...
Metabase Setup Token RCE
Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...