cve | Mika's Blog

1

[CVE-2023-34020] Unauthenticated Open Redirect 5 (8)

Posted on 4 juillet 2023 by Mika

3 min readMika discovered and reported this Open Redirection. This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident. This vulnerability has been fixed in version 3.6.4.4. Continuer la lecture →

2

My first CVE (2021-24856) – WordPress Plugin 5 (8)

Posted on 18 octobre 2021 by Mika

2 min readThe plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks. Continuer la lecture →

0

[TryHackme] – Gallery 4.4 (19)

Posted on 24 mai 2021 by Mika

4 min readGallery is a tryhackme room designed by me. You will exploit an SQL injection and deal with a custom script to escalate to the root user. Continuer la lecture →

LEGAL PAGES