From Privilege Escalation to RCE in Wiki.js
A tale of privilege escalation, command injection, and the humbling art of responsible disclosure
May 21, 202611 min read
Command Palette
Search for a command to run...
#cve
Articles tagged with #cve
Two RCE Design Flaws in ManageEngine Exchange Reporter Plus 5721
ManageEngine Exchange Reporter Plus is a web-based tool for managing and monitoring Exchange Server and Exchange Online environments. It offers over 450 built-in reports on mailboxes, email traffic, user activity, and permissions. The tool supports r...
Jul 30, 20255 min read195
[CVE-2022-4582] Unauth. SQL Injection vulnerability in Advanced Booking Calendar plugin ≤1.7.1 on Wordpress
1. Giới thiệu về CVE-2022-4582 WordPress là một hệ thống mã nguồn mở dùng để xuất bản blog/website được viết bằng ngôn ngữ lập trình PHP và cơ sở dữ liệu MySQL. WordPress được biết đến như một CMS miễn phí nhưng tốt, dễ sử dụng và phổ biến nhất trên ...
Mar 19, 20234 min read244![[CVE-2022-4582] Unauth. SQL Injection vulnerability in Advanced Booking Calendar plugin ≤1.7.1 on Wordpress](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1679237103700%2F36856807-4e16-43dd-9fb0-d49ecb006c41.png&w=3840&q=75)
[CVE-2022-35649] 1-Click RCE in Moodle v4.0.1
I. Introduction: Moodle is a free and open-source Course Management System (CMS), also known as a Learning Management System (LMS) or a Moodle Learning Environment (VLE). Written in PHP, it is currently used for blended learning, distance education, ...
Mar 9, 20236 min read2.5K![[CVE-2022-35649] 1-Click RCE in Moodle v4.0.1](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1678180527459%2F68185713-f069-42d4-9bb4-8614ca0126bd.png&w=3840&q=75)