Tag: CVE

Pentest reveals vulnerabilities in WordPress plugin Ninja Forms <= 3.0.22

During a recent pentest for one of our clients, we discovered Path Traversal and Unrestricted File Upload vulnerabilities in the WordPress plugin Ninja Forms with its File Upload extension (v3.0.22) enabled. This eventually allows an unauthenticated attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name…

Read more

Pentest shows Path Traversal in Mirasys Workstation < 5.12.6

During a recent pentest for one of our clients, we discovered a camera web application running on port 9999, exposed to the internet. All applications that are accessible over the internet by anonymous users are interesting targets to possibly gain access to internal networks or linked systems. The web application identified as a somewhat older version of…

Read more