Filter by tag: sql injection

TikiWiki 17.1 SQLi: Scan, Verify and Patch in Minutes

6 min read 19 Jul 2018 by Karim El Ouerghemmi
TikiWiki is an open source software that offers a wiki-style based content management system. It has more than 1.25 million downloads and a large code base of around 1.7 million lines of code. In this blog post, we demonstrate step by step how we used our leading RIPS Code Analysis solution to detect and verify a SQL injection vulnerability in minutes (CVE-2018-20719).

Joomla! 3.8.3: Privilege Escalation via SQL Injection

5 min read 6 Feb 2018 by Karim El Ouerghemmi
Joomla! is one of the biggest players in the market of content management systems and the second most used CMS on the web. RIPS discovered a second-order SQL injection (CVE-2018-6376) that could be used by attackers to leverage lower permissions and to escalate them into full admin permissions on Joomla! prior version 3.8.4.

CubeCart 6.1.12 - Admin Authentication Bypass

8 min read 17 Jan 2018 by Robin Peraglie
CubeCart is an open source e-commerce solution. In one of our latest security analysis we found two flaws in this web application that allow an attacker to circumvent the authentication mechanism required to login as an administrator (CVE-2018-20716). Once bypassed, an attacker can execute arbitrary code on the web server and steal all sensitive files and data.

WordPress Plugin Vulnerabilities 2017 VS. Static Analysis

11 min read 29 Nov 2017 by Johannes Dahse
WordPress plugins are widely adopted and an attractive target for attackers. In this technical blog post we analyze the most critical vulnerabilities in WordPress plugins of 2017 and share insights about how static code analysis can detect these.

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

8 min read 8 Nov 2017 by Karim El Ouerghemmi
Shopware is a popular e-commerce software. Within only 4 minutes, RIPS discovered two vulnerabilities in the code that bases on Symfony, Doctrine and the Zend Framework. In this blog post we investigate the exploitation of one of these: A rare PHP object instantiation vulnerability (CVE-2017-18357).