CVE-2023-7333

Summary

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
bluelabsiorecords-mover1.5.0affected
bluelabsiorecords-mover1.5.1affected
bluelabsiorecords-mover1.5.2affected
bluelabsiorecords-mover1.5.3affected
bluelabsiorecords-mover1.5.4affected
bluelabsiorecords-mover1.6.0unaffected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References