Filter by tag: php

WARNING: WordPress File Delete to Code Execution

9 min read 26 Jun 2018 by Slavco Mihajloski, Karim El Ouerghemmi
WordPress is the most popular CMS on the web. In this blog post we introduce an authenticated arbitrary file deletion vulnerability (CVE-2018-20714) in the WordPress core that can lead to attackers executing arbitrary code. The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched.

Evil Teacher: Code Injection in Moodle

11 min read 12 Jun 2018 by Robin Peraglie
Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release detected by RIPS Code Analysis (CVE-2018-1133).

A Salesmans Code Execution: PrestaShop 1.7.2.4

5 min read 7 May 2018 by Robin Peraglie
PrestaShop is one of the most popular e-commerce solutions. Our leading security analysis solution RIPS detected a highly critical vulnerability that allows to execute arbitrary code on any installation with version <= 1.7.2.4. In this technical blog post we present the vulnerability and the exploitation technique that could have been misused by attackers (CVE-2018-20717).

LimeSurvey 2.72.3 - Persistent XSS to Code Execution

5 min read 10 Apr 2018 by Robin Peraglie
LimeSurvey is an open source and commercial web application that enables its users to quickly design and setup scalable surveys. RIPS automatically detected two vulnerabilities in LimeSurvey < 2.72.3: An unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability which can be chained.

Privilege Escalation in 2.3M WooCommerce Shops

13 min read 26 Feb 2018 by Karim El Ouerghemmi, Slavco Mihajloski
The WordPress plugin WooCommerce runs on approximately 2,300,000 live websites and is currently the most prominent eCommerce platform used on the Web. During our research we discovered a PHP Object Injection vulnerability in WooCommerce (CVE-2017-18356) that allows to escalate privileges with a unique and interesting injection technique.