OsCommerce v4 RCE: Unveiling the File Upload Bypass Threat
In my recent penetration test, I identified a critical vulnerability in osCommerce v4, specifically a Remote Code Execution (RCE)…
Nov 28

CVE-2024-22723 | Webtrees Vulnerability: Uncovering Sensitive Data Through Path Traversal
Webtrees is a free open source web-based genealogy application intended for collaborative use.
Feb 22

CVE-2024-22720 / HTML Injection Vulnerability in Kanboard Group Management
Kanboard is a project management software that focuses on the Kanban methodology. It provides a visual approach to managing tasks, allowing…
Jan 2

CVE-2023-24676 | The Power of Remote File Inclusion in ProcessWire CMS
What is ProcessWire?
Apr 28, 2023

CVE-2023-27576 / Hacking Phplist: How I Gained Super Admin Access
This vulnerability on version 3.6.12
Apr 28, 2023

Uncovering Privilege Escalation (CVE-2023-24674) and Stored XSS (CVE-2023-24675) Vulnerabilities in…
What is Bludit?
Apr 28, 2023

CVE-2023-1877 / RCE with Server-Side Template Injection in Microweber
I am familiar with Microweber, a contemporary open-source content management system (CMS). Its main function is to enable users to develop…
Apr 5, 2023

CVE-2023-29689 / From SSTI to RCE: Unveiling Vulnerabilities in PyroCMS
What is Pyro? Pyro is a content management system (CMS) that was built using the PHP programming language. It was created with the…
Mar 20, 2023