CVE-2023-7333
MEDIUMSeverity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.
AnalysisAI
A weakness has been identified in bluelabsio records-mover versions up to 1.5.4. contains a security vulnerability (CVSS 5.3).
Technical ContextAI
affects A weakness has been identified in bluelabsio records-mover. A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.
Affected ProductsAI
Product: A weakness has been identified in bluelabsio records-mover. Versions: up to 1.5.4..
RemediationAI
Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation.
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-p3jp-7gj7-h6pr