Summary: A template functionality that allows users to create templates lets them execute any code on the server due to bad filtering and an old Twig version. An attacker was able to trigger SSTI via the Laravel dispatcher functionality. Advisory: https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p
Technical details by the researcher are published here: https://link.medium.com/5Vi22ULA8xb
This is a complete, detailed technical analysis of CVE-2022-44877, with an exploitation script and a video explaining how to use the tool: https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877 https://www.vicarius.io/vsociety/blog/unique-exploit-cve-2022-44877-exploitation-tool https://www.vicarius.io/vsociety/posts/1347
The advisory can be found on our website (https://cyberdanube.com/en/en-authenticated-command-injection-in-hirschmann-belden-bat-c2/). The vulnerability was discovered with the help of our emulation framework MEDUSA.
The advisory can be found on our website (https://cyberdanube.com/en/en-multiple-vulnerabilities-in-delta-electronics-dx-2100-l1-cn/). The vulnerability was discovered with the help of our emulation framework MEDUSA.