6 min read 9 Oct 2018 by Simon Scannell
5 min read 14 Aug 2018 by Johannes Dahse
5 min read 7 May 2018 by Robin Peraglie
PrestaShop is one of the most popular e-commerce solutions. Our leading security analysis solution RIPS detected a highly critical vulnerability that allows arbitrary code execution on any installation with version <= 18.104.22.168. In this technical blog post we present the vulnerability and the exploitation technique that could have been misused by attackers (CVE-2018-20717).
The WordPress plugin WooCommerce runs on approximately 2,300,000 live websites and is currently the most prominent eCommerce platform used on the Web. During our research we discovered a PHP Object Injection vulnerability in WooCommerce (CVE-2017-18356) that allows privilege escalation through a unique and interesting injection technique.
11 min read 29 Nov 2017 by Johannes Dahse