Pinned
-
SQL Injection, Insufficient ACLs in Frappe Framework, Frappe Learning & Frappe Press
In this long-overdue post I describe some security vulnerabilities I found in Frappe Framework1, Frappe Learning2 and Frappe Press3. While I did my best to responsibly disclose these vulnerabilities, the vendor was not very helpful in the process and did not communicate properly once the findings were sent their way.
Previous Posts
-
Broken Authentication and Local File Inclusion (LFI) in '/api/FetchRemoteTransferStatus' endpoint - CyberPanel [7]
In CyberPanel versions between 1.7 (possibly earlier) and 2.3.4, the `FetchRemoteTransferStatus()` function used in "Remote Backups" is missing sufficient authentication controls and is vulnerable to LFI.
-
Insecure Generation and Storage of API tokens - CyberPanel [6]
In CyberPanel versions between 1.8.7 and 2.3.4, the user API tokens are insecurely generated using the Base64 transform of the plaintext username and password credentials.
-
Bypass of Security Controls in `commandInjectionCheck()` - CyberPanel [5]
In CyberPanel versions 1.9.4 through 2.3.4, the security controls implemented in the `commandInjectionCheck()` function were missing checks for specific forbidden special characters, resulting in command injection.
-
Security Middleware Bypass - CyberPanel [4]
In CyberPanel versions 2.1.1 through 2.3.4, the Security Middleware mechanism makes security decisions by relying on an incorrect order of analysis and an incomplete set of forbidden special characters.