From 9f86dea2ed87d6cdca932335a10812885b34fc39 Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Fri, 28 Jul 2023 14:22:40 +0800
Subject: [PATCH] Update GobyVuls-Document.md

---
 GobyVuls-Document.md | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/GobyVuls-Document.md b/GobyVuls-Document.md
index 865369a..44b9590 100644
--- a/GobyVuls-Document.md
+++ b/GobyVuls-Document.md
@@ -1,7 +1,20 @@
 [# Goby History Update Vulnerability Total Document (Continuously Update) 
 The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
 
-**Updated document date: Jul 24, 2023** 
+**Updated document date: Jul 28, 2023** 
+
+## Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)
+
+|   **Vulnerability**  | **Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)**  |
+| :----:   | :-----|
+| **Chinese name**  | Metabase JDBC 远程代码执行漏洞（CVE-2023-38646） |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [title=="Metabase" \|\| ((body="<script type=\"application/json\" id=\"_metabaseBootstrap\">" \|\| body="window.MetabaseLocalization = JSON.parse(document.getElementById(\"_metabaseLocalization\").textContent);") && body="window.MetabaseRoot = actualRoot;")](https://en.fofa.info/result?qbase64=dGl0bGU9PSJNZXRhYmFzZSIgfHwgKChib2R5PSI8c2NyaXB0IHR5cGU9XCJhcHBsaWNhdGlvbi9qc29uXCIgaWQ9XCJfbWV0YWJhc2VCb290c3RyYXBcIj4iIHx8IGJvZHk9IndpbmRvdy5NZXRhYmFzZUxvY2FsaXphdGlvbiA9IEpTT04ucGFyc2UoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoXCJfbWV0YWJhc2VMb2NhbGl6YXRpb25cIikudGV4dENvbnRlbnQpOyIpICYmIGJvZHk9IndpbmRvdy5NZXRhYmFzZVJvb3QgPSBhY3R1YWxSb290OyIp) |
+| **Number of assets affected**  | 66604 |
+| **Description**  | Metabase is an open source data analysis and visualization tool that helps users easily connect to various data sources, including databases, cloud services, and APIs, and then use an intuitive interface for data query, analysis, and visualization.A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges. |
+| **Impact** | A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges. |
+
+![](https://s3.bmp.ovh/imgs/2023/07/28/4a0b2c90aaf1b387.gif)
 
 ## Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)