
Tag

#php

SmartAgent 1.1.0 Remote Code Execution

SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.

Packet Storm
#vulnerability #web #linux #php #rce #auth
SmartAgent 1.1.0 Server-Side Request Forgery

SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.

SmartAgent 1.1.0 SQL Injection

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

GHSA-4fvx-h823-38v3: YesWiki Uses a Broken or Risky Cryptographic Algorithm

### Summary

The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account.

### Details

Firstly, the salt used to hash the password reset key is hard-coded in the `includes/services/UserManager.php` file at line `36`:

```php
private const PW_SALT = 'FBcA';
```

Next, the application uses a weak cryptographic algorithm to hash the password reset key. The hash algorithm is defined in the `includes/services/UserManager.php` file at line `201`:

```php
protected function generateUserLink($user)
{
    // Generate the password recovery key
    $key = md5($user['name'] . '_' . $user['email'] . random_int(0, 10000) . date('Y-m-d H:i:s') . self::PW_SALT);
```

The key is generated from the **user's name**, **e-mail address**, a random number **between 0 and 10000**, the **current date** of the request and the **salt**. If we know the user's name and e-mail address, we can retrieve the key...

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to username enumeration. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication, attackers can gain unauthorized insights into valid usernames.

Qualitor 8.24 Server-Side Request Forgery

Qualitor versions 8.24 and below suffer from an unauthenticated server-side request forgery vulnerability.

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

GHSA-pjhx-j53p-c5f5: ThinkPHP deserialization vulnerability

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…

WordPress WP-Automatic SQL Injection

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.