Posts by author: Robin Peraglie

Breaking Into Your Company's Internal Network - SuiteCRM 7.11.4

15 min read 20 Aug 2019 by Robin Peraglie
SuiteCRM, a customer relationship software, is a great first economic choice as CRM software because it is free and open source. However, in this blog post we will see how a vulnerable web application deployed in the internal network of your company can act as a charming entry gateway for any adversary.

WARNING: Pre-Auth Takeover of OXID eShops

6 min read 29 Jul 2019 by Robin Peraglie
RIPS detected a highly critical vulnerability in the OXID eShop software that allows unauthenticated attackers to takeover an eShop remotely in less than a few seconds - all on default configurations. A second vulnerability in the administration panel can then be exploited to gain remote code execution on the server. We highly recommend to update to the latest version!

TYPO3 9.5.7: Overriding the Database to Execute Code

5 min read 16 Jul 2019 by Robin Peraglie
In this technical blog post we examine a critical vulnerability in the core of the TYPO3 CMS which was detected by our static code analysis tool RIPS (CVE-2019-12747). A reliable exploit allows the execution of arbitrary PHP code on the underlying system as authenticated user.

Pydio 8.2.1 Unauthenticated Remote Code Execution

4 min read 13 Nov 2018 by Simon Scannell, Robin Peraglie
Pydio is a popular file sharing solution used by enterprises and governments around the world. It suffered from a highly critical vulnerability that allowed unauthenticated attackers to compromise the entire file sharing server and to execute arbitrary code on the remote machine (CVE-2018-20718). Find out more about the impact and technical details in our blog post.

Evil Teacher: Code Injection in Moodle

11 min read 12 Jun 2018 by Robin Peraglie
Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release detected by RIPS Code Analysis (CVE-2018-1133).