Coolify Command Injection Vulnerability in Database Import Allowing Authenticated Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in Coolify, an open-source tool for managing servers, applications, and databases. This vulnerability exists in the Database Import functionality prior to version 4.0.0-beta.451. It allows authenticated users with application or service management permissions to execute arbitrary commands as root on managed servers. The issue arises because database names used in import operations are passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system.
Impact
Exploitation of this vulnerability allows for arbitrary command execution as root, leading to container escape and full host system compromise.
Remediation
Users are advised to upgrade to Coolify version 4.0.0-beta.451 or later, where this vulnerability has been fixed. The Coolify development team has implemented comprehensive input validation and shell argument escaping in the affected functionality to prevent command injection attacks.
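The two sections above describe the bug (a database name interpolated into a shell command) and the fix (validation plus shell argument escaping). The following is an added illustration of that pattern in PHP, Coolify's language; it is not Coolify's code, and the command layout, function names and the constructed malicious input are assumptions made for the demonstration.

```php
<?php
// Added illustration, not Coolify's code. Command layout and helper names
// are assumptions chosen to show the vulnerable pattern beside a hardened one.

declare(strict_types=1);

/**
 * Vulnerable pattern: the caller-supplied database name is interpolated
 * straight into a command string that is later handed to a shell. Any
 * shell metacharacter in $databaseName (';', '|', '$(...)', backticks)
 * is parsed by that shell, so the name can carry extra commands that run
 * with the privileges of the process executing the import (root here).
 */
function buildImportCommandVulnerable(string $databaseName, string $dumpPath): string
{
    return "mysql {$databaseName} < {$dumpPath}";
}

/**
 * Hardened pattern, step 1: reject anything outside a tight allowlist.
 * Database identifiers rarely need more than letters, digits and
 * underscores, so validating early removes the whole class of inputs
 * rather than trusting escaping alone.
 */
function assertValidDatabaseName(string $databaseName): void
{
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $databaseName)) {
        throw new InvalidArgumentException('Invalid database name: ' . $databaseName);
    }
}

/**
 * Hardened pattern, step 2: quote every argument with escapeshellarg(),
 * which wraps it in single quotes and escapes embedded single quotes, so
 * the shell sees exactly one literal word per argument.
 */
function buildImportCommandHardened(string $databaseName, string $dumpPath): string
{
    assertValidDatabaseName($databaseName);

    return sprintf('mysql %s < %s', escapeshellarg($databaseName), escapeshellarg($dumpPath));
}

// Constructed malicious input: a valid-looking name followed by an injected
// command and a '#' that comments out the rest of the original command.
$malicious = 'app_db; id > /tmp/pwned #';

// The vulnerable builder produces a string containing two shell commands.
echo 'vulnerable: ', buildImportCommandVulnerable($malicious, '/tmp/dump.sql'), PHP_EOL;

// The hardened builder refuses the input before any command is built.
try {
    echo 'hardened: ', buildImportCommandHardened($malicious, '/tmp/dump.sql'), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'hardened: rejected (', $e->getMessage(), ')', PHP_EOL;
}

// A legitimate name passes validation and comes out single-quoted.
echo 'hardened: ', buildImportCommandHardened('app_db', '/tmp/dump.sql'), PHP_EOL;
```

Two caveats a practitioner would want when applying this to a tool like Coolify. First, the allowlist and the escaping are complementary: escapeshellarg() alone protects the shell, but a name containing quotes or backticks may still be interpreted by the database engine once the dump is loaded, so rejecting it up front is safer. Second, escaping is only correct for the number of shell layers the string actually passes through; a command that is built locally and then sent to a managed server over SSH is parsed by the remote shell as well, so a string escaped once for a local shell can be unescaped again on the other side. Where the command runs locally, passing an argument array to a process API (for example Symfony Process, which Laravel applications commonly use) avoids the shell entirely and removes the problem at its root.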
