Vulnerability Information
Vulnerability Title
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
Vulnerability Description
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the SQL parser. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the database account. Was ZDI-CAN-25350.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of special elements used in an SQL command (SQL injection)
Vulnerability Title
PostHog SQL Injection Vulnerability
Vulnerability Description
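PostHog is an all-in-one open-source platform from PostHog. PostHog contains an SQL injection vulnerability that stems from the SQL parser implementation not validating user input, which may lead to SQL injection and remote code execution.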
CVSS Information
N/A
Vulnerability Type
N/A