Moodle – Remote Code Execution

The vulnerability (CVE-2017-2641) allows an attacker to execute PHP code at the vulnerable Moodle server. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post. Moodle is a very popular learning management system, deployed in many universities around the world, including top institutes such as MIT, Stanford, the University of Cambridge, […]

Magento – Unauthenticated Remote Code Execution

The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code at the vulnerable Magento server unauthenticated. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post. Magento is an extremely popular eCommerce platform with a 30% share in the eCommerce market. It is used by major corporations, such as Rosetta Stone, […]

MediaWiki (wikipedia.org) – Unauthenticated Remote Code Execution

The vulnerability (CVE-2014-1610) allows an unauthenticated attacker to execute code remotely on a vulnerable MediaWiki installation. It requires the DjVu file format in order to be exploited (built in by default). MediaWiki is an open-source web platform used to create and maintain wikis. One of the major sites using the system is Wikipedia.org and alongside the rest […]