
Andrasbacsai

#13979 of 53,633
19.3 Total CVSS
Vulnerabilities · 2
Critical: 2

PT-2025-52851 · CVSS 9.9 · 2025-12-23
Coolify · Coolify · CVE-2025-66209

**Name of the Vulnerable Software and Affected Versions** Coolify versions prior to 4.0.0-beta.451

**Description** Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection issue exists in the Database Backup functionality for authenticated users with application/service management permissions. Database names used in backup operations are passed to shell commands without proper sanitization, potentially allowing execution of arbitrary commands as root on managed servers.

**Recommendations** Update to version 4.0.0-beta.451 or later.

PT-2025-52853 · CVSS 9.4 · 2025-12-23
Coolify · Coolify · CVE-2025-66210

**Name of the Vulnerable Software and Affected Versions** Coolify versions prior to 4.0.0-beta.451

**Description** Coolify is a self-hostable tool for managing servers, applications, and databases. An authenticated command injection exists in the Database Import functionality, allowing users with application/service management permissions to execute arbitrary commands as root on managed servers. Database names used in import operations are passed directly to shell commands without sanitization, enabling remote code execution. The vulnerable component is the database import functionality. The `database name` is a vulnerable parameter.

**Recommendations** Update to version 4.0.0-beta.451 or later.