[FD] [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability

2014-09-23 Thread Egidio Romano
] - CVE number assigned [05/09/2014] - Version 4.2 released [23/09/2014] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-5297 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano

[FD] [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability

2014-09-23 Thread Egidio Romano
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-5298 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-10 ___ Sent through the Full

[FD] [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability

2014-10-23 Thread Egidio Romano
Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-8081 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-11

[FD] [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness

2014-10-23 Thread Egidio Romano
: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-12

[FD] [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability

2014-11-28 Thread Egidio Romano
/11/2014] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-8791 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-13

[FD] [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability

2014-12-31 Thread Egidio Romano
: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-14

[FD] [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability

2014-12-31 Thread Egidio Romano
requested [11/10/2014] - CVE number assigned [31/12/2014] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-8084 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original

[FD] [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability

2014-12-31 Thread Egidio Romano
and Exposures project (cve.mitre.org) has assigned the name CVE-2014-8085 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-16

[FD] [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability

2015-06-11 Thread Egidio Romano
[-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a name to this vulnerability yet. [-] Credits: Vulnerability discovered by Egidio Romano of Minded Security. [-] Original Advisory: http://karmainsecurity.com/KIS-2015-03 [-] Other

[FD] [KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability

2015-11-04 Thread Egidio Romano
ned the name CVE-2015-7711 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2015-07

[FD] [KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability

2015-11-04 Thread Egidio Romano
disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-9753 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2015-06

[FD] [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability

2015-11-04 Thread Egidio Romano
ic disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-7815 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmains

[FD] [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability

2015-11-04 Thread Egidio Romano
CVE number requested [14/10/2015] - CVE number assigned [22/10/2015] - Version 2.15.0 released: https://piwik.org/changelog/piwik-2-15-0 [04/11/2015] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-7816 to th

[FD] [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability

2015-11-04 Thread Egidio Romano
CVE-2014-9752 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2015-05

[FD] [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

2015-09-11 Thread Egidio Romano
lic disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-6497 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano of Minded Security. [-] Original Advisory: http://karmainsecurity.com/KIS-2015-04

[FD] [KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities

2016-06-23 Thread Egidio Romano
osures project (cve.mitre.org) has not assigned a CVE identifier for these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2016-05

[FD] [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability

2016-01-15 Thread Egidio Romano
ated [01/12/2015] - CVE number requested [01/12/2015] - CVE number assigned [12/01/2016] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-8379 to this vulnerability. [-] Credits: Vulnerability discovered b

[FD] [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability

2016-02-23 Thread Egidio Romano
- CVE number assigned [12/02/2016] - Bug bounty received [23/02/2016] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2016-2212 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Or

[FD] Hacking Magento eCommerce For Fun And 17.000 USD

2016-03-03 Thread Egidio Romano
Hello list, Tonight I'd like to share with you my latest blog post. Seeing my personal experience with the Magento bug bounty program (and even experiences from other security researchers), it looks like they truly believe in a "security through obscurity" methodology. I'm quite disappointed

[FD] [KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities

2016-06-28 Thread Egidio Romano
" page. [-] Solution: Update to a fixed version. [-] Disclosure Timeline: [05/05/2015] - Vulnerability details sent through HackerOne [02/10/2015] - CVE number requested [28/12/2015] - Vendor said the vulnerabilities should be fixed in the upstream [26/06/2016] - Vulnerabilities publicly di

[FD] [KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability

2016-06-28 Thread Egidio Romano
The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2016-10 [-] Other References: https://hackerone.com/repor

[FD] [KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities

2016-06-28 Thread Egidio Romano
nce: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2016-08 [-] Other References: https://hackerone.

[FD] [KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability

2017-02-06 Thread Egidio Romano
disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2017-5677 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2017-01

[FD] [KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability

2016-10-06 Thread Egidio Romano
e.org) has assigned the name CVE-2016-5313 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2016-12

[FD] [KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability

2016-11-07 Thread Egidio Romano
k.org/changelog/piwik-2-16-1/ [16/06/2016] - CVE number requested [07/11/2016] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egi

[FD] Tales of SugarCRM Security Horrors

2017-04-23 Thread Egidio Romano
Hello list, Tonight I'd like to share with you my latest blog post. Enjoy! Link: http://karmainsecurity.com/tales-of-sugarcrm-security-horrors Best regards, /EgiX

[FD] [KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability

2017-10-23 Thread Egidio Romano
Exposures project (cve.mitre.org) has assigned the name CVE-2017-7411 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2017-02

[FD] [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability

2018-12-31 Thread Egidio Romano
[-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2018-05 [-] Other References: https

[FD] [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability

2018-12-31 Thread Egidio Romano
ublication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2018-02 [-] Other

[FD] [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability

2018-12-31 Thread Egidio Romano
16/01/2018] - Oracle fixed the issue in the January Critical Patch Update (CPU) [31/12/2018] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2018-2699 to this vulnerability. [-] Credits: Vulnerability discove

[FD] [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability

2018-12-31 Thread Egidio Romano
31/12/2018] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/K

[FD] [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability

2018-12-31 Thread Egidio Romano
published [31/12/2018] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainse

[FD] [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability

2018-12-31 Thread Egidio Romano
018] - Fixed versions released and security advisory published [31/12/2018] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio R

[FD] [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability

2018-12-31 Thread Egidio Romano
31/12/2018] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/K

[FD] [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability

2018-12-31 Thread Egidio Romano
t assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2018-03 [-] Other References: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2018-003/

[FD] [KIS-2019-10] YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability

2019-12-04 Thread Egidio Romano
it.io/JeD2U [02/11/2019] - CVE number assigned [02/12/2019] - Version 7.8 released [04/12/2019] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2019-18662 to this vulnerability. [-] Credits: Vulnerabili

[FD] [KIS-2019-02] vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability

2019-10-07 Thread Egidio Romano
osures project (cve.mitre.org) has assigned the name CVE-2019-17132 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2019-02

[FD] [KIS-2019-03] SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities

2019-10-10 Thread Egidio Romano
[-] Disclosure Timeline: [07/02/2019] - Vendor notified [01/10/2019] - Versions 9.0.2 and 8.0.4 released [10/10/2019] - Publication of this advisory [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2019-03 [-] Other References: htt

[FD] [KIS-2019-08] SugarCRM <= 9.0.1 Multiple PHP Object Injection Vulnerabilities

2019-10-10 Thread Egidio Romano
"authenticateDownloadKey()" function is using the unserialize() function with the "license_validation_key" setting variable, and such a value can be arbitrarily manipulated in different ways. This can be exploited by malicious users to inject arbitrary PHP objects into
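The mechanism the excerpt above describes, a manipulable setting value reaching unserialize(), as an added PHP example; this is not code from the advisory or from SugarCRM. The TempFileCleaner gadget class, the readSetting* function names and the temporary target files are constructed for illustration, standing in for whatever side-effecting class a real application happens to autoload.

```php
<?php
// Added example, not code from the advisory or from SugarCRM. Shows why letting a
// manipulable setting reach unserialize() is a PHP object injection: the string decides
// which class gets instantiated, and that class's magic methods run in the app context.
// TempFileCleaner is a hypothetical gadget standing in for any real class with a
// side-effecting __destruct(), __wakeup() or __toString().

class TempFileCleaner
{
    public $path;

    public function __destruct()
    {
        // Side effect an attacker can aim: delete whatever file $path points at.
        if (is_string($this->path) && is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// Vulnerable pattern: a stored setting is deserialized as-is (the excerpt's
// license_validation_key case). Whoever can write the setting chooses the object.
function readSettingVulnerable($storedSetting)
{
    return unserialize($storedSetting);
}

// Hardened pattern: refuse to instantiate any class. Objects in the payload become
// __PHP_Incomplete_Class, so no gadget code runs. For new code, store JSON instead;
// json_decode() cannot produce application objects at all.
function readSettingHardened($storedSetting)
{
    return unserialize($storedSetting, ['allowed_classes' => false]);
}

// Constructed payload: a serialized TempFileCleaner whose path is a file we just created.
function buildPayload($targetPath)
{
    return sprintf('O:15:"TempFileCleaner":1:{s:4:"path";s:%d:"%s";}', strlen($targetPath), $targetPath);
}

$victim1 = tempnam(sys_get_temp_dir(), 'poi');
$obj = readSettingVulnerable(buildPayload($victim1));
echo 'vulnerable: instantiated ', get_class($obj), PHP_EOL;
unset($obj); // __destruct() fires here, on the attacker's object
echo 'vulnerable: target still exists? ', var_export(file_exists($victim1), true), PHP_EOL;

$victim2 = tempnam(sys_get_temp_dir(), 'poi');
$obj = readSettingHardened(buildPayload($victim2));
echo 'hardened: instantiated ', get_class($obj), PHP_EOL;
unset($obj); // no gadget destructor; nothing happens
echo 'hardened: target still exists? ', var_export(file_exists($victim2), true), PHP_EOL;
unlink($victim2);
```

Run it with `php` on the command line. The point to take away is that the fix is not validating the payload but removing the attacker's ability to pick a class: `allowed_classes => false` (or an explicit allow-list) for legacy serialized data, and a format without object semantics, such as JSON, for anything new.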

[FD] [KIS-2019-05] SugarCRM <= 9.0.1 Multiple Broken Access Control Vulnerabilities

2019-10-10 Thread Egidio Romano
eter to "Administration" and the "parent_type" parameter to "expandDatabase" or any other action which does not implement ACL checks). [-] Solution: Upgrade to version 9.0.2, 8.0.4, or later. [-] Disclosure Timeline: [07/02/2019] - Vendor notified [01/10/2019]

[FD] [KIS-2019-04] SugarCRM <= 9.0.1 Multiple SQL Injection Vulnerabilities

2019-10-10 Thread Egidio Romano
d before being used to construct a SQL query. This can be exploited by malicious users to e.g. read sensitive data from the database through in-band SQL Injection attacks. [-] Solution: Upgrade to version 9.0.2, 8.0.4, or later. [-] Disclosure Timeline: [07/02/2019] - Vendor notified [01
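The pattern the excerpt above describes, a request value placed unsanitised into SQL text and exploited in-band, as an added PHP example; this is not code from the advisory or from SugarCRM. The in-memory SQLite database, the accounts/users tables and the accountsByOwner* functions are constructed for illustration.

```php
<?php
// Added example, not code from the advisory or from SugarCRM. A constructed SQLite
// in-memory database stands in for the CRM schema; table, column and parameter names
// are hypothetical. Shows a request value placed into query text unsanitised, exploited
// in-band (UNION) to read another table, and the same query written with a bound parameter.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, user_hash TEXT)');
$db->exec("INSERT INTO accounts (name, owner) VALUES ('Acme', 'alice'), ('Globex', 'bob')");
$db->exec("INSERT INTO users (user_name, user_hash) VALUES ('admin', 'constructed-password-hash')");

// Vulnerable: the request parameter is concatenated into the SQL text.
function accountsByOwnerVulnerable(PDO $db, $owner)
{
    $sql = "SELECT name FROM accounts WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is constant; the value is bound and can never change the query.
function accountsByOwnerHardened(PDO $db, $owner)
{
    $stmt = $db->prepare('SELECT name FROM accounts WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-band injection: the UNION makes rows of the users table come back in the same
// result set as the legitimate accounts; the trailing comment swallows the closing quote.
$legit    = 'alice';
$injected = "alice' UNION SELECT user_name || ':' || user_hash FROM users -- ";

echo 'vulnerable, normal input:   ', implode(', ', accountsByOwnerVulnerable($db, $legit)), PHP_EOL;
echo 'vulnerable, injected input: ', implode(', ', accountsByOwnerVulnerable($db, $injected)), PHP_EOL;
echo 'hardened, injected input:   ', implode(', ', accountsByOwnerHardened($db, $injected)), PHP_EOL;
```

With the bound parameter the injected string is compared as an owner name and matches nothing; in the concatenated version the same string is parsed as SQL and the second line of output carries the user table's hash alongside the account names.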

[FD] [KIS-2019-06] SugarCRM <= 9.0.1 Multiple Path Traversal Vulnerabilities

2019-10-10 Thread Egidio Romano
- Vendor notified [01/10/2019] - Versions 9.0.2 and 8.0.4 released [10/10/2019] - Publication of this advisory [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2019-06 [-] Other References:

[FD] [KIS-2019-07] SugarCRM <= 9.0.1 Multiple PHP Code Injection Vulnerabilities

2019-10-10 Thread Egidio Romano
ful exploitation of this vulnerability requires a System Administrator account. [-] Solution: Upgrade to version 9.0.2, 8.0.4, or later. [-] Disclosure Timeline: [07/02/2019] - Vendor notified [01/10/2019] - Versions 9.0.2 and 8.0.4 released [10/10/2019] - Publication of this advisory

[FD] [KIS-2020-03] SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation Vulnerability

2020-02-12 Thread Egidio Romano
ure intention, no response [07/02/2020] - CVE number assigned [12/02/2020] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2020-8802 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano.

[FD] [KIS-2020-02] SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities

2020-02-12 Thread Egidio Romano
ve.mitre.org) has assigned the name CVE-2020-8801 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2020-02

[FD] [KIS-2020-04] SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control Vulnerability

2020-02-12 Thread Egidio Romano
has assigned the name CVE-2020-8803 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2020-04

[FD] [KIS-2020-05] SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities

2020-02-12 Thread Egidio Romano
d [10/02/2020] - Version 7.11.11 released [12/02/2020] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2020-8804 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Origina

[FD] [KIS-2020-01] SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities

2020-02-12 Thread Egidio Romano
the name CVE-2020-8800 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2020-01

[FD] SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities

2020-08-11 Thread Egidio Romano
nce: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2020-17372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-17372> to these vulnerabilities. • Credits: Vulnerabilities discovered by Egid

[FD] SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

2020-08-11 Thread Egidio Romano
org) has assigned the name CVE-2020-17373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-17373> to this vulnerability. • Credits: Vulnerability discovered by Egidio Romano.

[FD] [KIS-2020-07] openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability

2020-06-30 Thread Egidio Romano
erabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2020-13383 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2020-07

[FD] [KIS-2020-06] openSIS <= 7.4 Incorrect Access Control Vulnerabilities

2020-06-30 Thread Egidio Romano
osures project (cve.mitre.org) has assigned the name CVE-2020-13382 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2020-06

[FD] [KIS-2020-08] openSIS <= 7.4 Multiple SQL Injection Vulnerabilities

2020-06-30 Thread Egidio Romano
nce: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2020-13380 to vulnerabilities (1) and (2), and the name CVE-2020-13381 to the other vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com

[FD] [KIS-2021-01] IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability

2021-01-06 Thread Egidio Romano
rgeted patch [05/01/2021] - Vendor released version 4.5.4.2 [05/01/2021] - CVE number assigned [06/01/2021] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2021-3025 to this vulnerability. [-] Credits: Vulner

[FD] [KIS-2020-11] qdPM <= 9.1 (executeExport) PHP Object Injection Vulnerability

2021-01-03 Thread Egidio Romano
c disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2020-26165 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http:/

[FD] [KIS-2021-05] Concrete5 <= 8.5.5 (Logging Settings) Phar Deserialization Vulnerability

2021-07-19 Thread Egidio Romano
mon Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2021-36766 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Other References: https://hackerone.com/reports/1063039 [-] Original Advisory: http://karmainsecurity.com/KIS-20

[FD] ImpressCMS: from unauthenticated SQL injection to RCE

2022-03-23 Thread Egidio Romano
Hello list, I'd like to share with you my latest blog post. Hope you may find this SQL injection exploitation technique interesting and potentially useful for your penetration tests. Enjoy it! Link: http://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce Best regards, /EgiX

[FD] [KIS-2022-04] ImpressCMS <= 1.4.3 (findusers.php) SQL Injection Vulnerability

2022-03-22 Thread Egidio Romano
[-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2021-26599 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Other References: https://hackerone.com/reports/1081145 [-] Original Advisory: http://kar

[FD] [KIS-2022-02] ImpressCMS <= 1.4.2 (image-edit.php) Path Traversal Vulnerability

2022-03-22 Thread Egidio Romano
he name CVE-2021-26601 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Other References: https://hackerone.com/reports/1081878 [-] Original Advisory: http://karmainsecurity.com/KIS-2022-02

[FD] [KIS-2022-01] ImpressCMS <= 1.4.2 (autologin.php) Authentication Bypass Vulnerability

2022-03-22 Thread Egidio Romano
] - CVE number assigned [06/02/2022] - Version 1.4.3 released [22/03/2022] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2021-26600 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Ro

[FD] [KIS-2022-03] ImpressCMS <= 1.4.2 (findusers.php) Incorrect Access Control Vulnerability

2022-03-22 Thread Egidio Romano
project (cve.mitre.org) has assigned the name CVE-2021-26598 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Other References: https://hackerone.com/reports/1081137 [-] Original Advisory: http://karmainsecurity.com/KIS-2022-03

Re: [FD] ImpressCMS: from unauthenticated SQL injection to RCE

2022-03-28 Thread Egidio Romano
Hello again, Just wanted to let you know I updated the blog post with some more details: apparently, this technique could be abused to bypass WAFs such as OWASP ModSecurity CRS (Paranoia Level 1) and Cloudflare, check it out! /EgiX On Wed, Mar 23, 2022 at 3:07 PM Egidio Romano wrote: > He

[FD] [KIS-2022-05] Joomla! <= 4.1.0 (Tar.php) Zip Slip Vulnerability

2022-03-29 Thread Egidio Romano
02/2021] - Sent feedback about the patch correctness [29/03/2022] - Vendor update released [29/03/2022] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2022-23793 to this vulnerability. [-] Credits: Vulnerabil

[FD] [KIS-2023-12] phpFox <= 4.8.13 (redirect) PHP Object Injection Vulnerability

2023-10-27 Thread Egidio Romano
[-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46817 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: https://karmainsecurity.com/KIS-2023-12 [-] Other References: https:

[FD] [KIS-2023-11] SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload Vulnerability

2023-10-26 Thread Egidio Romano
d [26/10/2023] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: https://karmainsecurity.co

[FD] [KIS-2023-10] SugarCRM <= 13.0.1 (GetControl) Server-Side Template Injection Vulnerability

2023-10-26 Thread Egidio Romano
erabilities and Exposures project (cve.mitre.org) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: https://karmainsecurity.com/KIS-2023-10 [-] Other References: https://support.sugarcrm.com/resour

[FD] [KIS-2023-05] SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability

2023-08-23 Thread Egidio Romano
er assigned [23/08/2023] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-35808 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmains

[FD] [KIS-2023-06] SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability

2023-08-23 Thread Egidio Romano
- Vendor notified [12/04/2023] - Fixed versions released [17/06/2023] - CVE number assigned [23/08/2023] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-35809 to this vulnerability. [-]

[FD] [KIS-2023-07] SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability

2023-08-23 Thread Egidio Romano
rability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: https://karmainsecurity.com/KIS-2023-07 [-] Other References: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-009/

[FD] [KIS-2023-08] SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities

2023-08-23 Thread Egidio Romano
CVE-2023-35811 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: https://karmainsecurity.com/KIS-2023-08 [-] Other References: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-

[FD] [KIS-2023-09] CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities

2023-08-23 Thread Egidio Romano
CVE-2023-4136 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano, working with IMQ Minded Security. [-] Original Advisory: https://karmainsecurity.com/KIS-2023-09 [-] Other References: https://docs.craftercms.org/en/4.1/security/advisory.html#cv-2023080

[FD] [KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability

2023-01-09 Thread Egidio Romano
[08/03/2022] - Vendor notified [23/08/2022] - Version 24.1 released [09/01/2023] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-22853 to this vulnerability. [-] Credits: Vulnerability discovered by Egi

[FD] [KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability

2023-01-09 Thread Egidio Romano
); fileInput.files = dataTransfer.files; document.forms[0].submit(); [-] Solution: Upgrade to version 24.1 or later. [-] Disclosure Timeline: [07/03/2022] - Vendor notified [23/08/2022] - Version 24.1 released [09/01/2023] - Public disclo

[FD] [KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability

2023-01-09 Thread Egidio Romano
d [09/01/2023] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-22851 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-20

[FD] [KIS-2023-01] Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities

2023-01-09 Thread Egidio Romano
ied [09/01/2023] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-22852 to this vulnerability. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2

[FD] Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability

2022-12-03 Thread Egidio Romano
g) has not assigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Other References: https://security.drupal.org/node/175968 [-] Original Advisory: http://karmainsecurity.com/KIS-2022-06

[FD] Exploiting an N-day vBulletin PHP Object Injection Vulnerability

2022-11-29 Thread Egidio Romano
Hello list, Just wanted to share with you my latest blog post: http://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection Best regards, /EgiX

[FD] [KIS-2023-14] PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability

2023-12-19 Thread Egidio Romano
identifier assigned [17/11/2023] - Version 3.4.0-4 released [14/12/2023] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-47271 to this vulnerability. [-] Credits: Vulnerability

[FD] [KIS-2023-13] ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability

2023-12-12 Thread Egidio Romano
23] - Version 3.2.11p1 released [27/10/2023] - CVE identifier assigned [07/12/2023] - Publication of this advisory [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46818 to this vulnerability. [-] Credits: Vulnerability discove

[FD] [KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

2024-02-04 Thread Egidio Romano
ssigned a CVE identifier for this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Other References: https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728 [-] Original Advisory: http://karmainsecurity.com/KIS-2024-01

[FD] [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability

2024-04-11 Thread Egidio Romano
3/2024] - Version 4.7.16 released [20/03/2024] - CVE identifier requested [24/03/2024] - CVE identifier assigned [05/04/2024] - Coordinated public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2024-30163 to this vulne

[FD] [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability

2024-04-11 Thread Egidio Romano
VE identifier requested [24/03/2024] - CVE identifier assigned [05/04/2024] - Coordinated public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2024-30162 to this vulnerability. [-] Credits: Vulnerability discovered by