Lack of sanitization of the GET parameters searchField, filters, and filters2 in /main/inc/ajax/model.ajax.php leads to multiple unauthorized SQL injections in Chamilo LMS 1.11.x and (the dev version of) 2.0.
CVE-2020-29143. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/non_reported.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29142. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/usergroup/usergroup_admin.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29140. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/immunization_report.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29139. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in library/patient.inc leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
A note on Yii2 code generation safe usage
Yii2 is one of the popular PHP frameworks, with a name that is difficult to read. Correct use of a framework significantly reduces development time and also covers most security issues. But this, of course, does not mean that Yii2 applications are absolutely safe, since there is always a human factor in any system. This short note…
We won The Standoff 2020
The Standoff is a unique cyber environment created by IT and information security specialists for the secure development of IT infrastructure, which allows you to simulate the digital twin of a modern metropolis and demonstrate how cybercriminals can affect its high-tech infrastructure. The Standoff virtual city contains the same hardware and software components with all…
Review of PHP backdoors
I made a report at Open Sysconf’19 about PHP backdoors with my colleague @joe1black. The report considered backdoors of different levels, common and uncommon, with examples. The PDF is in Russian.