{"uuid": "2778e237-c3ec-46c1-805a-4a2142982ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9264", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/4743", "content": "9.4 CRITICAL\n\nThe SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9264\n\nPoC\n\nThis PoC demonstrates the exploitation of CVE-2024-9264 using an authenticated user to perform a DuckDB SQL query and read an arbitrary file on the filesystem.\n\nhttps://github.com/nollium/CVE-2024-9264\n\nThanks to a subscriber for the link", "creation_timestamp": "2024-10-20T21:26:03.000000Z"}