ImpressCMS 1.3.11 - Why you should not trust PHP_SELF

6 min read 24 Mar 2020 by Sebastian Fabry
ImpressCMS is a free, community-driven content management system written in PHP, which considers itself to be secure, fast, and modular. This post shows us that inconspicuous variables may be under the influence of the user and thus can result in critical security vulnerabilities.

WordPress <= 5.2.3: Hardening Bypass

5 min read 21 Jan 2020 by Simon Scannell
This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress core in versions prior to 5.2.4.

Backend SQL Injection in BigTree CMS 4.4.6

7 min read 5 Nov 2019 by Robin Peraglie
BigTree is a small content management system which does not depend on many frameworks and advertises itself as user friendly and developer ready. In this blog post, we will take a look at a few vulnerabilities we have detected in the codebase of BigTree.

Drive By RCE Exploit in Pimcore 6.2.0

5 min read 22 Oct 2019 by Robin Peraglie
In this technical blog post we will examine how a drive by exploit in the Pimcore release 6.2.0 allows an attacker to execute OS commands by tricking an authenticated administrator into exploiting a command injection vulnerability.

WooCommerce 3.6.4 - CSRF Bypass to Stored XSS

5 min read 8 Oct 2019 by Dennis Brinkrolf
WooCommerce is the most popular e-commerce plugin for WordPress with over 5 million installations. A flaw in the way WooCommerce handles imports of products results in a stored cross-site scripting vulnerability (XSS) that can be exploited through cross-site request forgery (CSRF).