CVE-2023-7333
bluelabsio records-mover Table Object sql injection
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
07 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Productos afectados
bluelabsio · records-moverReferencias
https://github.com/bluelabsio/records-mover/https://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaahttps://github.com/bluelabsio/records-mover/pull/254https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0https://vuldb.com/?ctiid.339566https://vuldb.com/?id.339566