Coolify: Host-Level RCE via Unescaped Database Credentials in Backup Jobs
How an incomplete security fix in Coolify left 5 credential fields injectable in database backup commands, allowing root-level RCE on all managed servers.
Static MD5 auth tokens, unrestricted .htaccess uploads, and four unsafe unserialize() calls chain together for full server compromise.