flatCore CMS 1.4.6: Remote Code Execution and Easteregg

5 min read 17 Oct 2017 by Dennis Detering
flatCore is a lightweight Content Management System (CMS) based on PHP and SQLite. We tested the latest stable version 1.4.6 with RIPS and detected, among others, a critical persistent cross-site scripting vulnerability (CVE-2017-1000428) that can be used by an unauthenticated adversary to attack administrators and to execute PHP code on the web server.

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection

6 min read 20 Sep 2017 by Robin Peraglie
With over 84 million downloads, Joomla! is one of the most popular content management systems. Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller. This one vulnerability could allow remote attackers to leak the super user password and to fully take over any Joomla! <= 3.7.5 installation that uses LDAP for authentication.

SugarCRM's Security Diet - Multiple Vulnerabilities

10 min read 14 Sep 2017 by Robin Peraglie
SugarCRM is one of the most popular customer relationship management solutions. RIPS uncovered critical security issues that could allow attackers to steal customer data or sensitive files from the server.

e107 2.1.2: SQL Injection through Object Injection

7 min read 23 Dec 2016 by Hendrik Buchwald
The 23rd gift in our advent calendar presents security issues in e107, a content management system that is in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP Object Injection vulnerability.

AbanteCart 1.2.8 - Multiple SQL Injections

8 min read 21 Dec 2016 by Martin Bednorz
In our 21st advent calendar gift, we cover AbanteCart, a very popular e-commerce solution that just turned 5 years old last month. RIPS found multiple SQL injections, PHP object injections, and the complementary cross-site scriptings so that the more severe vulnerabilities can be exploited. Interestingly, the AbanteCart website was defaced just moments before we send out our analysis report to the development team.