
Description

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. Manipulation of this element causes SQL injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.

PUBLISHED Reserved 2026-01-05 | Published 2026-01-07 | Updated 2026-02-23 | Assigner VulDB




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 5.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
4.3 | AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

SQL Injection

Injection

Product status

1.5.0: affected
1.5.1: affected
1.5.2: affected
1.5.3: affected
1.5.4: affected
1.6.0: unaffected

Timeline

2023-10-30: Advisory disclosed
2023-10-30: Countermeasure disclosed
2026-01-05: VulDB entry created
2026-01-08: VulDB entry last update

Credits

VulDB GitHub Commit Analyzer tool

References

vuldb.com/?id.339566 (VDB-339566 | bluelabsio records-mover Table Object sql injection) vdb-entry technical-description

vuldb.com/?ctiid.339566 (VDB-339566 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

github.com/bluelabsio/records-mover/pull/254 issue-tracking

github.com/...ommit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa patch

github.com/bluelabsio/records-mover/releases/tag/v1.6.0 patch

github.com/bluelabsio/records-mover/ product

cve.org (CVE-2023-7333)

nvd.nist.gov (CVE-2023-7333)
