ImpressCMS: from unauthenticated SQL injection to RCE

Read Time:15 Second

Posted by Egidio Romano on Mar 23

Hello list,

I’d like to share with you my latest blog post. Hope you may find this
SQL injection exploitation technique interesting and potentially useful
for your penetration tests. Enjoy it!

Link: http://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce

Best regards,
/EgiX

ZDI-CAN-25373: Microsoft

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...

September 20, 2024

DSA-5774-1 ruby-saml – security update

It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...

September 20, 2024

USN-6968-2: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....

September 19, 2024