Back to directory

WRITEUP #926

Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)

RCESQL injectionSecurity code review

by@infosec_au(Shubham Shah)

Program

Metabase

Published

Jul 22, 2023

Added to HackDex

Jul 31, 2023

Read Full Writeuphttps://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/

▸ RELATED WRITEUPS

Exploiting authorization by nonce in WordPress plugins

RCEArbitrary file upload

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Spip Preauth RCE 2024: Part 2, A Big Upload

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670

SQL InjectionReverse engineering

Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle

RCESecurity code review

Built with ❤️ by Shubham Rawat