SugarCRM's Security Diet - Multiple Vulnerabilities

14 Sep 2017 by Robin Peraglie
SugarCRM Security

SugarCRM is one of the most popular customer relationship management solutions. It is available as a commercial edition and as an open-source community edition and is used by more than 2 million individuals in over 120 countries to manage sensitive customer data 1. Lately its security attracted attention after a researcher reported multiple security issues in the code 2. As a result, a new version of SugarCRM was released.

We wanted to check what our automated code analysis technology RIPS would find after the recent manual audit and how it could contribute to the security. As a result, critical issues were uncovered that could allow attackers to steal customer data or sensitive files from the server.

Read More ...

How security flaws in PHP's core can affect your application

20 Jul 2017 by Dr. Johannes Dahse
PHP Core Security

Popular security vulnerabilities occur due to bad coding practices or coding mistakes. Often a single missing character or incautiously used language feature opens the gates for an external attacker. But even when all best practices for secure programming are carefully adhered to, a PHP application’s source code is only as secure as the PHP interpreter it runs on. In this post, we will see how memory corruption bugs in the PHP core itself can affect an application’s security.

Read More ...

Why mail() is dangerous in PHP

3 May 2017 by Robin Peraglie
Email Security in PHP

During our advent of PHP application vulnerabilities, we reported a remote command execution vulnerability in the popular webmailer Roundcube (CVE-2016-9920). This vulnerability allowed a malicious user to execute arbitrary system commands on the targeted server by simply writing an email via the Roundcube interface. After we reported the vulnerability to the vendor and released our blog post, similar security vulnerabilities that base on PHP’s built-in mail() function popped up in other PHP applications 1 2 3 4. In this post, we have a look at the common ground of these vulnerabilities, which security patches are faulty, and how to use mail() securely.

Read More ...

e107 2.1.2: SQL Injection through Object Injection

23 Dec 2016 by Hendrik Buchwald

e107

The 23rd gift in our advent calendar presents security issues in e107, a content management system that is in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP object injection vulnerability.

Read More ...

Security Compliance with Static Code Analysis

22 Dec 2016 by Daniel Peeren

Compliance

Compliance describes the adherence to regulations and commitments organizations have to fulfill in certain sectors. Security is an integral part of many regulations. In general, a company is compliant if a snapshot of the current security arrangements meets a specific set of requirements. These requirements are defined by several regulatory organizations or standards, for example PCI DSS, HIPAA, or the ISO27k-series. If your company is bound to - or would like to - comply to these standards, read on and learn how the security requirements can be achived with a SAST tool.

Read More ...