#firefox

Global Domains International version 2.0 suffers from an html injection vulnerability.

GetSimple CMS version 3.3.2 suffers from a cross site scripting vulnerability.

G and G Corporate CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

GEN Security+ version 4.0 suffers from a cross site scripting vulnerability.

Geeklog version 2.1.0b1 suffers from a remote SQL injection vulnerability.

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

FlightPath LMS version 5.0-rc2 suffers from an insecure direct object reference vulnerability.

FAST TECH CMS version 1.0 suffers from a cross site request forgery vulnerability.

doorGets CMS version 12 suffers from a remote shell upload vulnerability.

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.