Insightconnect Sqlmap Plugin
Monthly
OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). No public exploit identified at time of analysis, and SSVC records exploitation status as none; EPSS is modest at 0.73% (50th percentile).
OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). No public exploit identified at time of analysis, and SSVC records exploitation status as none; EPSS is modest at 0.73% (50th percentile).