Story

The article describes a vulnerability chain in the PostHog application, involving Server-Side Request Forgery (SSRF), a ClickHouse SQL injection vulnerability, and default PostgreSQL credentials, ultimately leading to Remote Code Execution (RCE). The vulnerabilities were discovered and reported through the Zero Day Initiative (ZDI).