GobyVuls/CVE-2023-38646.md

## Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)

|   **Vulnerability**  | **Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)**  |
| :----:   | :-----|
| **Chinese name**  | Metabase JDBC 远程代码执行漏洞（CVE-2023-38646） |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [title=="Metabase" \|\| ((body="<script type=\"application/json\" id=\"_metabaseBootstrap\">" \|\| body="window.MetabaseLocalization = JSON.parse(document.getElementById(\"_metabaseLocalization\").textContent);") && body="window.MetabaseRoot = actualRoot;")](https://en.fofa.info/result?qbase64=dGl0bGU9PSJNZXRhYmFzZSIgfHwgKChib2R5PSI8c2NyaXB0IHR5cGU9XCJhcHBsaWNhdGlvbi9qc29uXCIgaWQ9XCJfbWV0YWJhc2VCb290c3RyYXBcIj4iIHx8IGJvZHk9IndpbmRvdy5NZXRhYmFzZUxvY2FsaXphdGlvbiA9IEpTT04ucGFyc2UoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoXCJfbWV0YWJhc2VMb2NhbGl6YXRpb25cIikudGV4dENvbnRlbnQpOyIpICYmIGJvZHk9IndpbmRvdy5NZXRhYmFzZVJvb3QgPSBhY3R1YWxSb290OyIp) |
| **Number of assets affected**  | 66604 |
| **Description**  | Metabase is an open source data analysis and visualization tool that helps users easily connect to various data sources, including databases, cloud services, and APIs, and then use an intuitive interface for data query, analysis, and visualization.A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges. |
| **Impact** | A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges. |

![](https://s3.bmp.ovh/imgs/2023/07/28/4a0b2c90aaf1b387.gif)