Hello friends, today's 0day is a NavigateCMS RCE. The file-upload protection isn't sufficient, which allows us to upload a shell and then execute OS commands.
There is an upload extension section on the admin panel.
We can upload extensions for NavigateCMS (Votes is the default one), but the uploaded file must be a zip file. If it isn't, the file won't be uploaded.
Hello friends, this is my first blog post. Apologies for my mistakes and my possible grammar mistakes :)
This is a SQL injection vulnerability that I found in GilaCMS version 1.14.0 (it may affect previous versions); it is now patched in version 1.15.0. GilaCMS is written in PHP. So let's start.
/src/core/classes/Package.php, lines 249–251
As you can see, there is clearly an SQLi vulnerability. The user input ['option'] goes into a foreach loop, since the user input is an array (multipart/form-data), and each value goes into the query directly (without any protection). That's why an attacker is able to modify the SQL query.
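The pattern described above, next to its parameterized fix, as an added example. This is not GilaCMS source code: the `pkg_option` table, its columns, both function names and the sample input are hypothetical, and it assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Added illustration, NOT GilaCMS code. Table, columns and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pkg_option (name TEXT PRIMARY KEY, value TEXT)");
$db->exec("INSERT INTO pkg_option VALUES ('blog.title', 'old'), ('blog.theme', 'default')");

// Vulnerable pattern: every value of the submitted array becomes part of the SQL text.
function saveOptionsUnsafe(PDO $db, array $options): void {
    foreach ($options as $key => $value) {
        $db->exec("UPDATE pkg_option SET value = '$value' WHERE name = '$key'");
    }
}

// Hardened: one prepared statement, values bound as data, keys checked against an allow-list.
function saveOptionsSafe(PDO $db, array $options, array $allowedKeys): void {
    $stmt = $db->prepare("UPDATE pkg_option SET value = :value WHERE name = :name");
    foreach ($options as $key => $value) {
        if (!in_array($key, $allowedKeys, true) || !is_string($value)) {
            continue; // unknown key or nested array: ignore it
        }
        $stmt->execute([':value' => $value, ':name' => $key]);
    }
}

function dumpOptions(PDO $db): array {
    return $db->query("SELECT name, value FROM pkg_option ORDER BY name")
              ->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed input standing in for the submitted 'option' array.
$input = ['blog.title' => "new' --"];

// Concatenated version: the quote ends the string literal and the comment drops
// the WHERE clause, so rows the request never named are rewritten as well.
$db->beginTransaction();
saveOptionsUnsafe($db, $input);
print_r(dumpOptions($db));
$db->rollBack();

// Prepared version: the same bytes are stored verbatim in the one named row.
saveOptionsSafe($db, $input, ['blog.title', 'blog.theme']);
print_r(dumpOptions($db));
```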
Hacker, Security Researcher, Exploit Developer