Exposing administrative interfaces can be dangerous – SQL injection in Aptean TLDR; We have found a time-based SQL injection in Aptean Product Configurator v4.0 SP6 – 4.61.0000 which allowed for …
XXE vulnerability in 3CX Phone System Another vulnerability discovered by Logically Secure. This time it is XXE (XML External Entity Injection) and SSRF (Server-Side Request Forgery) in 3CX Phone System …
This article aims to present how easy is to overlook the security of (some parts of) the application, leaving widely used CMS systems insecure despite its popularity, open source approach …
Often during the penetration testing activities our team comes across potentially unsafe behaviours, coding errors and unspecified misconfiguration errors. This time we had a full access to the WordPress instance, …
