目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2023-38646 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Metabase 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞,该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
-n/a n/a -
二、漏洞 CVE-2023-38646 的公开POC
#POC 描述源链接神龙链接
1Nonehttps://github.com/adriyansyah-mf/CVE-2023-38646--Metabase-POC详情
2For educational purposes onlyhttps://github.com/Pumpkin-Garden/POC_Metabase_CVE-2023-38646POC详情
3Metabase Pre-auth RCE (CVE-2023-38646)!!https://github.com/0xrobiul/CVE-2023-38646POC详情
4Remote Code Execution on Metabase CVE-2023-38646https://github.com/Chocapikk/CVE-2023-38646POC详情
5Nonehttps://github.com/Xuxfff/CVE-2023-38646-PocPOC详情
6POC for CVE-2023-38646https://github.com/securezeron/CVE-2023-38646POC详情
7Tools to exploit metabase CVE-2023-38646https://github.com/lazysec0x21/CVE-2023-38646POC详情
8Proof of Concept for CVE-2023-38646https://github.com/Zenmovie/CVE-2023-38646POC详情
9Metabase Pre-auth RCEhttps://github.com/shamo0/CVE-2023-38646-PoCPOC详情
10CVE-2023-38646-POChttps://github.com/fidjiw/CVE-2023-38646-POCPOC详情
11Nonehttps://github.com/Any3ite/cve-2023-38646-metabase-ReverseShellPOC详情
12Automatic Tools For Metabase Exploit Known As CVE-2023-38646https://github.com/robotmikhro/CVE-2023-38646POC详情
13Metabase Pre-auth RCE (CVE-2023-38646)https://github.com/kh4sh3i/CVE-2023-38646POC详情
14CVE-2023-38646 (Pre-Auth RCE in Metabase)https://github.com/joaoviictorti/CVE-2023-38646POC详情
15Nonehttps://github.com/yxl2001/CVE-2023-38646POC详情
16CVE-2023-38646 Pre-Auth RCE in Metabasehttps://github.com/alexandre-pecorilla/CVE-2023-38646POC详情
17Metabase H2 远程代码执行漏洞(CVE-2023-38646)https://github.com/CN016/Metabase-H2-CVE-2023-38646-POC详情
18CVE-2023-38646 Metabase RCEhttps://github.com/Boogipop/MetabaseRceToolsPOC详情
19CVE-2023-38646 Metabase 0.46.6 exploithttps://github.com/SUT0L/CVE-2023-38646POC详情
20CVE-2023-38646 Unauthenticated RCE vulnerability in Metabase https://github.com/nickswink/CVE-2023-38646POC详情
21Nonehttps://github.com/passwa11/CVE-2023-38646POC详情
22Nonehttps://github.com/threatHNTR/CVE-2023-38646POC详情
23Nonehttps://github.com/asepsaepdin/CVE-2023-38646POC详情
24Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)https://github.com/Pyr0sec/CVE-2023-38646POC详情
25Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.https://github.com/birdm4nw/CVE-2023-38646POC详情
26RCE Exploit for CVE-2023-38646https://github.com/AnvithLobo/CVE-2023-38646POC详情
27Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injectionhttps://github.com/Red4mber/CVE-2023-38646POC详情
28Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.https://github.com/junnythemarksman/CVE-2023-38646POC详情
29A crappy exploit script written for CVE-2023-38646. It works about as well as peace treaties between Israel and Hamas.https://github.com/Itrekr/CVE-2023-38646-CrapsploitPOC详情
30Metabase Pre-Auth RCE POChttps://github.com/Mrunalkaran/CVE-2023-38646POC详情
31Code to detect/exploit vulnerable metabase applicationhttps://github.com/j0yb0y0h/CVE-2023-38646POC详情
32Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.https://github.com/Ego1stoo/CVE-2023-38646POC详情
33Metabase postgres (org.h2.Driver) RCE without INIThttps://github.com/0utl4nder/Another-Metabase-RCE-CVE-2023-38646POC详情
34Tools to exploit metabase CVE-2023-38646https://github.com/raytheon0x21/CVE-2023-38646POC详情
35Nonehttps://github.com/Shisones/MetabaseRCE_CVE-2023-38646POC详情
36Nonehttps://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646-POC详情
37Exploit for the Remote Code Execution (RCE) vulnerability identified in Metabase versions before 0.46.6.1 (open source) and 1.46.6.1 (Enterprise). Authentication is not required for exploitation.https://github.com/UserConnecting/Exploit-CVE-2023-38646-MetabasePOC详情
38Exploit for CVE-2023-38646, a pre-auth RCE in Metbasehttps://github.com/xchg-rax-rax/CVE-2023-38646POC详情
39This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.https://github.com/m3m0o/metabase-pre-auth-rce-pocPOC详情
40CVE-2023-38646是Metabase中的一个远程代码执行漏洞。该漏洞源于Metabase在处理未经身份验证的API端点/api/setup/validate时,对JDBC连接字符串的处理存在安全缺陷。攻击者可以通过构造特定的JDBC连接字符串,利用该端点在服务器上执行任意命令,而无需进行身份验证。https://github.com/XiaomingX/cve-2023-38646-pocPOC详情
41Proof-of-Concept script for exploiting CVE-2023-38646. Intended for educational and research purposes only.https://github.com/JayRyz/CVE-2023-38646-PoC-MetabasePOC详情
42CVE-2023-38646 Metabase 0.46.6 exploithttps://github.com/DaniTheHack3r/CVE-2023-38646POC详情
43Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-38646.yamlPOC详情
44Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metabase%20%E6%9C%AA%E6%8E%88%E6%9D%83%20JDBC%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-38646.mdPOC详情
45https://github.com/vulhub/vulhub/blob/master/metabase/CVE-2023-38646/README.mdPOC详情
46Nonehttps://github.com/BreezeGalaxy/CVE-2023-38646POC详情
47CVE-2023-38646是Metabase中的一个远程代码执行漏洞。该漏洞源于Metabase在处理未经身份验证的API端点/api/setup/validate时,对JDBC连接字符串的处理存在安全缺陷。攻击者可以通过构造特定的JDBC连接字符串,利用该端点在服务器上执行任意命令,而无需进行身份验证。https://github.com/cleanmgr112/cve-2023-38646-pocPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2023-38646 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2023-38646

暂无评论

发表评论