12 matches found

RedhatCVE
added 2025/05/23 3:43 a.m. · 3 views

CVE-2023-30625

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...

CVSS 8.8 · AI score 8.2 · EPSS 0.89577
Exploits 4 · References 1
OSV
added 2024/08/20 8:31 p.m. · 29 views

GO-2023-1863 rudder-server is vulnerable to SQL injection in github.com/rudderlabs/rudder-server

rudder-server is vulnerable to SQL injection in github.com/rudderlabs/rudder-server...

CVSS 8.8 · AI score 8.9 · EPSS 0.89577
Exploits 4 · References 11
OSV
added 2024/08/05 9:50 p.m. · 22 views

GHSA-3JMM-F6JJ-RCC3 rudder-server is vulnerable to SQL injection

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...

CVSS 9.3 · AI score 9.1 · EPSS 0.89577
Exploits 4 · References 11
Github Security Blog
added 2024/08/05 9:50 p.m. · 27 views

rudder-server is vulnerable to SQL injection

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...

CVSS 8.8 · AI score 8.1 · EPSS 0.89577
Exploits 4 · References 11 · Affected Software 1
VulnCheck KEV
added 2023/12/04 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-30625

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default...

CVSS 8.8 · AI score 7.5 · EPSS 0.89577
Exploits 4 · References 1
0day.today
added 2023/08/01 12:0 a.m. · 349 views

Rudder Server SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

CVSS 8.8 · AI score 9.1 · EPSS 0.89577
Exploits 4
Veracode
added 2023/06/28 3:35 p.m. · 27 views

SQL Injection

rudder-server is vulnerable to SQL Injection. The vulnerability is due to the SaveFailedRecordIDs and getPendingStagingFileCount functions using untrusted user input in a SQL statement without using prepared queries, which may result in remote code execution because the PostgreSQL database is ru...

CVSS 8.8 · AI score 8.3 · EPSS 0.89577
Exploits 4 · References 8 · Affected Software 1
OSV
added 2023/06/16 4:4 p.m. · 18 views

CVE-2023-30625 rudder-server vulnerable to SQL Injection

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...

CVSS 8.8 · AI score 9 · EPSS 0.89577
Exploits 4 · References 10
CVE
added 2023/06/16 4:4 p.m. · 86 views

CVE-2023-30625

Rudder-server (RudderStack CDP) prior to version 1.3.0-rc.1 is affected by an SQL injection that can lead to remote code execution because the postgres user rutde_rudder is granted superuser privileges by default. Affected component: rudder-server in RudderStack; vulnerability is triggered via SQ...

CVSS 8.8 · AI score 9.1 · EPSS 0.89577
In wild · Exploits 4 · References 8 · Affected Software 1
Cvelist
added 2023/06/16 4:4 p.m. · 19 views

CVE-2023-30625 rudder-server vulnerable to SQL Injection

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...

CVSS 8.8 · AI score 9.5 · EPSS 0.89577
Exploits 4 · References 8
CNNVD
added 2023/06/16 12:0 a.m. · 1 views

rudder-server SQL injection vulnerability

rudder-server is an open source niche-focused privacy and security alternative from RudderStack. A SQL injection vulnerability exists in versions prior to rudder-server 1.3.0-rc.1 that stems from the rudder role in PostgreSQL having superuser privileges by default, which can lead to remote code...

CVSS 8.8 · AI score 8.8 · EPSS 0.89577
Exploits 4 · References 9
Positive Technologies
added 2023/06/16 12:0 a.m. · 1 views

PT-2023-22822 · Unknown · Postgresql +1

Name of the Vulnerable Software and Affected Versions: rudder-server versions prior to 1.3.0-rc.1 Description: The issue is related to SQL injection, which may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Recommendations: For...

CVSS 9.3 · AI score 10 · EPSS 0.89577
Exploits 4 · References 17