Coppermine 1.5.42: Second-Order Command Execution

20 min read 2 Dec 2016 by Martin Bednorz
The second gift in our advent calendar contains descriptions of vulnerabilities in Coppermine, a very popular picture gallery application written in PHP and in active development since 2003. It consists of ~160,000 lines of code (medium-sized web application) and is downloaded roughly 1,200 times per week.

FreePBX 13: From Cross-Site Scripting to Remote Command Execution

20 min read 1 Dec 2016 by Hendrik Buchwald
FreePBX is a web-based graphical user interface that helps users to manage voice-over-IP services. With over one million production systems using FreePBX worldwide it is the most widely deployed open-source PBX (Private Branch Exchange) platform. Since FreePBX is written completely in PHP, we decided to throw it into our code analysis tool RIPS. The results were surprising…