Filter by tag: sql injection

Teampass 2.1.26.8: Unauthenticated SQL Injection

10 min read 12 Dec 2016 by Martin Bednorz
The next gift in our advent calendar reveals security issues in Teampass, a collaborative password manager first published in late 2011. We detected a critical unauthenticated SQL injection and many file inclusions, which could have led to many leaked passwords and angry users. The issues were reported and fixed earlier this year.

PHPKit 1.6.6: Code Execution for Privileged Users

7 min read 8 Dec 2016 by Martin Bednorz
Today’s gift in our advent calendar contains PHPKit, a German web content management system in development since early 2002. With its ~42,000 lines of code, it is a rather small application; the latest version is 1.6.6. This post describes two severe vulnerabilities in the administration section that require only a minimal user permission to exploit.

eFront 3.6.15: Steal your professors password

8 min read 3 Dec 2016 by Martin Bednorz
Today, we present our analysis results for eFront, the open-source edition of the thriving e-learning platform eFrontPro. The platform is used by hundreds of organizations world-wide and consists of over 700,000 lines of PHP code, rendering manual security analysis ineffective at best. We will analyze two SQL injections that can be used to leak sensitive data.

Coppermine 1.5.42: Second-Order Command Execution

11 min read 2 Dec 2016 by Martin Bednorz
The second gift in our advent calendar contains descriptions of vulnerabilities in Coppermine, a very popular picture gallery application written in PHP and in active development since 2003. It consists of ~160,000 lines of code (a medium-sized web application) and is downloaded roughly 1,200 times per week.