Rudder Server SQL Injection / Remote Code Execution | allinfosecnews.com

July 31, 2023, 4:24 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role in PostgreSQL having superuser permissions by default.

cdp code code execution customer customer data data data platform exploiting exploits flaw injection may metasploit open source platform remote code remote code execution role server sql sql injection vulnerability

More from packetstormsecurity.com / Packet Storm

RansomLord Anti-Ransomware Exploit Tool 3.1 1 day, 20 hours ago | packetstormsecurity.com

anti-ransomware compromise concept dll +13

Red Hat Security Advisory 2024-3527-03 1 day, 20 hours ago | packetstormsecurity.com

advisory buffer buffer overflow customer +16

Red Hat Security Advisory 2024-3513-03 1 day, 20 hours ago | packetstormsecurity.com

advisory code code execution enterprise +8

Red Hat Security Advisory 2024-3501-03 1 day, 20 hours ago | packetstormsecurity.com

advisory denial of service enterprise issues +7

Red Hat Security Advisory 2024-3500-03 1 day, 20 hours ago | packetstormsecurity.com

advisory denial of service enterprise http +10

Red Hat Security Advisory 2024-3497-03 1 day, 20 hours ago | packetstormsecurity.com

advisory buffer buffer overflow buffer overflow vulnerability +10

Packet Storm New Exploits For May, 2024 1 day, 20 hours ago | packetstormsecurity.com

archive exploits may packet +2

Ubuntu Security Notice USN-6804-1 1 day, 20 hours ago | packetstormsecurity.com

attacker buffer buffer overflow cache +16

Ubuntu Security Notice USN-6803-1 1 day, 20 hours ago | packetstormsecurity.com

arbitrary code arbitrary code execution attacker code +16

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com