CVE-2023-7333

low-risk
Published 2026-01-07

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
LOCAL / LOW complexity

References (6)

https://github.com/bluelabsio/records-mover/
https://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2...
https://github.com/bluelabsio/records-mover/pull/254
https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0
https://vuldb.com/?ctiid.339566
https://vuldb.com/?id.339566
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal