Detected by RIPS, missed by others.

The following critical security vulnerabilities were detected with RIPS and reported responsibly to the affected vendor.

| Software | Version | Issue Type | Details |
|---|---|---|---|
| phpBB | 3.2.3 | Phar Deserialization to RCE | Analysis, RIPS Report, News |
| Pydio | 8.2.1 | Remote Code Execution | Analysis, RIPS Report, News |
| WooCommerce | 3.4.5 | File Delete to RCE | Analysis, RIPS Report, News |
| TikiWiki | 17.1 | SQL Injection | Analysis |
| WordPress | 4.9.6 | File Delete to RCE | Analysis |
| Moodle | 3.4.2 | Remote Code Execution | Analysis, News |
| PrestaShop | 1.7.2.4 | Remote Code Execution | Analysis, News |
| Shopware | 5.4.2 | Path Traversal, SQL Injection | News |
| WooCommerce | 3.2.3 | PHP Object Injection | Analysis, News |
| LimeSurvey | 2.72.3 | Remote Code Execution | Analysis, RIPS Report |
| Joomla! | 3.8.3 | SQL Injection | Analysis, RIPS Report, News, CVE-2018-6376 |
| CubeCart | 6.1.12 | Auth Bypass, SQL Injection | Analysis, RIPS Report |
| OXID eSales | 4.10.6 | Authenticated SQL Injection | RIPS Report |
| Shopware | 5.3.3 | SQL Injection, XXE Injection | Analysis, RIPS Report |
| flatCore CMS | 1.4.6 | Remote Code Execution | Analysis, RIPS Report |
| Joomla! | 3.7.5 | LDAP Injection | Analysis, RIPS Report, News, CVE-2017-14596 |
| SugarCRM | 7.7, 7.8, 7.9 | SQL Injection, File Disclosure | Analysis, CVE-2017-14508, 14509, 14510 |
| Ampache | 3.8.2 | SQL Injection | Details, More |
| e107 | 2.1.2 | SQL Injection | Analysis, RIPS Report |
| AbanteCart | 1.2.8 | SQL Injection | Analysis, RIPS Report |
| Kliqqi | 3.0.0.5 | Remote Code Execution | Analysis, RIPS Report |
| osClass | 3.6.1 | Remote Code Execution | Analysis, RIPS Report, Video |
| Redaxo | 5.2.0 | Remote Code Execution | Analysis, RIPS Report |
| Vtiger | 6.5.0 | SQL Injection | Analysis, RIPS Report |
| Precurio | 2.1 | Path Traversal | Analysis, RIPS Report |
| PHPKit | 1.6.6 | File Upload | Analysis, RIPS Report |
| Serendipity | 2.0.3 | File Upload | Analysis, RIPS Report, Video |
| Roundcube | 1.2.2 | Remote Command Execution | Analysis, RIPS Report, CVE-2016-9920, Video |
| Expression Engine | 3.4.2 | PHP Object Injection | Analysis, RIPS Report, Video |
| eFront | 3.6.15 | SQL Injection | Analysis, RIPS Report |
| Coppermine Gallery | 1.5.42, 1.6.x-dev1 | Remote Command Execution | Analysis, RIPS Report |
| FreePBX | 13.x | Remote Command Execution | Analysis, RIPS Report, News, Video |
| TeamPass | 2.1.25 | SQL Injection | Analysis, RIPS Report, News |
| phpMyAdmin | 4.6.2 | Remote Code Execution | PMASA-2016-27, CVE-2016-5734, RIPS Report |
| Concrete5 | 5.7.2.1 | SQL Injection | Details |
| Drupal | 7.34 | PHP Object Injection | Details |
| Magento | 1.9.0.1 | PHP Object Injection | Details |
| phpMyAdmin | 4.2.10 | Local File Inclusion | PMASA-2014-14, CVE-2014-8959 |
| Joomla! | 3.3.4 | Remote Code Execution | Details, CVE-2014-7228 |
| phpBB | 2.0.23 | SQL Injection | Analysis, RIPS Report |
| CMS Made Simple | 1.11.11 | SQL Injection | Changelog, RIPS Report |
| osCommerce | 2.3.4 | Remote Code Execution | Video |
| WordPress | 4.01 | Cross-Site Scripting | Details |
| hotCRP | 2.90 | SQL Injection | Changelog |
| hotCRP | 2.60 | SQL Injection | Changelog |
| OpenConf | 5.30 | Remote Code Execution | Analysis, News, Video |
| Gallery3 | 3.0.4 | Remote Code Execution | Details |

Here is one of the few security products that is not snake oil: RIPS. We use it all the time.

Dr. Mario Heiderich, CEO, Cure53

