Pydio 8.2.1 Unauthenticated Remote Code Execution

13 Nov 2018 by Simon Scannell, Robin Peraglie
Pydio Object Injection to RCE

Pydio is a popular file sharing solution used by enterprises and governments around the world. It suffered from a highly critical vulnerability that allowed unauthenticated attackers to compromise the entire file sharing server and to execute arbitrary code on the remote machine (CVE-2018-20718). Find out more about the impact and technical details in our blog post.


WordPress Design Flaw Leads to WooCommerce RCE

6 Nov 2018 by Simon Scannell
WordPress

A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects, for example, WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account (CVE-2018-20714).


What is PHP Object Injection

9 Oct 2018 by Simon Scannell

PHP Object Injections

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how it works and how it can lead to a full site takeover by remote attackers.
