0x5001

From cyberspace

  • CVE-2024-36412 | Proof of Concept


    I am not the CVE holder for this particular vulnerability. I found the bug while analyzing the source code and reported the vulnerability to the vendor, but it was a duplicate issue. After weeks, a CVE was assigned to this vulnerability. https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-xjx2-38hv-5hh8 https://docs.suitecrm.com/admin/releases/7.14.x CVE-2024-36412 CVSSv3 Score: 10.0 Proof of Concept Details: The application handles the entryPoint parameter and includes it. The responseEntryPoint action does…


  • CVE-2024-25859: Blesta RCE Chain


    Introduction: Blesta is web-based billing and invoicing software designed for hosting providers, web developers, and other businesses that offer online services. https://www.blesta.com/2024/02/08/security-advisory https://nvd.nist.gov/vuln/detail/CVE-2024-25859 This post covers 3 vulnerabilities in Blesta. By chaining these vulnerabilities together, an attacker could gain code execution on a web server running Blesta. Product: Blesta 5.8.2 (Click to…


  • IIS – HTTP Parameter Pollution with SQL injection Attacks

    Introduction: SQL injection attacks are typically blocked by Web Application Firewalls, so security researchers need to find a way around this protective mechanism. SQL injection attacks aim to execute a query that has been manipulated by the attacker. Even though SQLi is a dangerous and well-known vulnerability, it still exists in web applications. One of good…
