Overview A critical vulnerability has been discovered in the PostGallery plugin for WordPress, identified as CVE-2025-13543. This vulnerability allows authenticated attackers with subscriber-level permissions or higher to upload arbitrary files to the affected site’s server. This can lead to remote code execution (RCE) and complete compromise of the WordPress website. This vulnerability exists in all versions of the PostGallery plugin up to and including version 1.12.5. Technical Details The vulnerability resides in the PostGalleryUploader class functions within the PostGallery plugin. Specifically, the file type validation is insufficient, allowing attackers to bypass security checks and upload malicious files, such as PHP…
-
-
Overview CVE-2024-58278 identifies a critical vulnerability affecting perl2exe versions up to and including V30.10C. This security flaw allows a local, authenticated attacker to execute arbitrary code on a compromised system. The vulnerability stems from the ability to control the 0th argument of packed executables, enabling attackers to bypass security restrictions and gain unauthorized access by running other executables. Technical Details The core of CVE-2024-58278 lies in the way perl2exe handles the first argument (argv[0]) passed to the compiled executable. By manipulating this argument, an attacker can trick the executable into running a different, potentially malicious program. This bypasses intended security…
-
Overview CVE-2024-58277 describes a critical vulnerability affecting R Radio Network FM Transmitter version 1.07. This vulnerability allows unauthenticated attackers to retrieve the administrator’s password through the system.cgi endpoint. Successful exploitation of this vulnerability grants unauthorized access to the FM station’s configuration settings and allows for complete authentication bypass. Technical Details The vulnerability stems from insufficient access control on the system.cgi endpoint. The application fails to properly authenticate users before allowing access to sensitive system information, including the administrator’s password. An attacker can simply request the system.cgi endpoint to retrieve this sensitive information without providing any credentials. CVSS Analysis Currently, the…
-
Overview CVE-2024-58276 details a critical SQL injection vulnerability found in Obi08/Enrollment System version 1.0. This flaw allows unauthenticated attackers to execute arbitrary SQL queries via the keyword parameter in the /get_subject.php endpoint. Exploitation can lead to the extraction of sensitive data, including usernames and passwords, from the application’s database. Technical Details The vulnerability stems from insufficient sanitization of user-supplied input in the keyword parameter of the /get_subject.php script. An attacker can inject malicious SQL code into this parameter, bypassing the intended query structure. The vulnerability is particularly severe because it can be exploited without requiring authentication. The identified exploit utilizes…
-
Overview CVE-2024-58275 details a critical vulnerability affecting Easywall version 0.3.1, a simplified firewall management interface. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the server due to a command injection flaw in the /ports-save endpoint. By injecting shell metacharacters into specific parameters, attackers can bypass intended input validation and execute malicious code. Technical Details The vulnerability resides within the /ports-save endpoint of Easywall 0.3.1. This endpoint is responsible for saving port configurations. The application fails to properly sanitize user-supplied input, leading to a parameter injection flaw. An authenticated attacker can exploit this flaw by injecting shell metacharacters…
-
Overview CVE-2023-53735 describes a cross-site scripting (XSS) vulnerability found in WEBIGniter version 28.7.23. This vulnerability resides within the user creation process, allowing unauthenticated attackers to inject and execute malicious JavaScript code. Exploiting this flaw could lead to various security risks, including session hijacking, defacement, and data theft. This article provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation steps. Technical Details The XSS vulnerability exists due to insufficient sanitization and validation of user-supplied input during the user creation process. Specifically, an attacker can inject malicious JavaScript code into fields such as the username, email address, or…
-
Overview CVE-2023-53734 details a critical SQL injection vulnerability found in Dawa Pharma 1.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries against the application’s database server. Successful exploitation can lead to the disclosure of sensitive information, including patient data, financial records, and potentially even administrative credentials. This poses a significant risk to organizations using the affected software. Technical Details The vulnerability resides in the handling of user-supplied input, specifically within the ’email’ parameter. The application fails to properly sanitize or validate this input before incorporating it into SQL queries. As a result, an attacker can inject malicious SQL…
-
Overview A high-severity Server-Side Request Forgery (SSRF) vulnerability has been discovered in Open WebUI, a self-hosted artificial intelligence platform designed for offline operation. This vulnerability, identified as CVE-2025-65958, allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This poses a significant risk to the confidentiality and integrity of systems interacting with Open WebUI. Technical Details Open WebUI versions prior to 0.6.37 are susceptible to this SSRF vulnerability. The flaw stems from insufficient validation of user-supplied input used in making HTTP requests. An authenticated user can manipulate this input to construct URLs that the Open…
-
Overview A critical security vulnerability, identified as CVE-2025-65883, has been discovered in the Genexis Platinum P4410 router running firmware version P4410-V2–1.41. This vulnerability allows a local network attacker to execute arbitrary code with root privileges on the affected device. The root cause is improper session invalidation after an administrator logs out of the router’s management interface. Technical Details The vulnerability stems from the router’s failure to properly invalidate the administrator’s session token upon logout. Specifically, after an administrator logs out, the session token remains valid and active. An attacker with access to the local network can intercept or guess this…
-
Overview CVE-2025-65806 details a critical vulnerability discovered in the E-POINT CMS’s file upload functionality, specifically within the eagle.gsam-1169.1 component. This vulnerability allows a remote attacker to achieve Remote Code Execution (RCE) by uploading a specially crafted, nested ZIP archive. The CMS’s insufficient validation of archive contents allows the extraction of malicious files, such as webshells, into web-accessible directories. Technical Details The core of the vulnerability lies in the CMS’s improper handling of nested archive files. An attacker can craft a malicious ZIP archive containing another ZIP archive. The inner ZIP archive contains an executable file, commonly a PHP webshell (e.g.,…