Sonar Logo
Start for FreeExplore Pricing

Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What Code Issues Caused the CrowdStrike Outage?

This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.

Read More
https://assets-eu-01.kc-usercontent.com:443/275a16f7-9b36-0172-ed6f-fce50dc34f53/7b69d1cd-74f7-4610-a793-6bd3e35737fa/crowdstrike_blog_featured_2x.webp
In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release (CVE-2018-1133).
Blog post

Evil Teacher: Code Injection in Moodle

In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release (CVE-2018-1133).

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Import issues of your favorite linters in SonarCloud!

Over the past 2 weeks, the following new features were deployed on SonarCloud: import of issues from external linters with built-in support for TypeScript projects, support for the Go language, graceful handling of username change, first version of the GitHub Application, new rules for Python, Java and Swift

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image shows various elements of code security, languages and bugs
Blog post

A Salesmans Code Execution: PrestaShop 1.7.2.4

PrestaShop is one of the most popular e-commerce solutions. We detected a highly critical vulnerability that allows to execute arbitrary code on any installation with version <= 1.7.2.4. In this technical blog post we present the vulnerability and the exploitation technique that could have been misused by attackers (CVE-2018-20717).

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/275a16f7-9b36-0172-ed6f-fce50dc34f53/37dcd70e-a0d8-43b3-8677-a0cae59488d9/limesurvey_attack.jpg.webp
Blog post

LimeSurvey 2.72.3 - Persistent XSS to Code Execution

We detected two vulnerabilities in LimeSurvey < 2.72.3: An unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability which can be chained.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Joomla! 3.8.3: Privilege Escalation via SQL Injection

Joomla! is one of the biggest players in the market of content management systems and the second most used CMS on the web. We discovered a second-order SQL injection (CVE-2018-6376) that could be used by attackers to leverage lower permissions and to escalate them into full admin permissions on Joomla! prior version 3.8.4.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Why did my coverage just drop?!

After an upgrade people are sometimes surprised to find that the next analysis of a project with no real changes shows a significant drop in coverage. Believe it or not, that really is a feature, not a bug, and it's called Executable Lines.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

CubeCart 6.1.12 - Admin Authentication Bypass

CubeCart is an open source e-commerce solution. In one of our latest security analysis we found two flaws in this web application that allow an attacker to circumvent the authentication mechanism required to login as an administrator (CVE-2018-20716).

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Supporting analysis of .NET Core projects

Support for SonarQube analysis of projects in the new MSBuild v15 format has been one of the features most requested by the Microsoft community, now it's done !

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/275a16f7-9b36-0172-ed6f-fce50dc34f53/e735ea2e-b5be-42e7-b491-050d72711136/shopware_exploit.jpg
Blog post

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

Shopware is a popular e-commerce software that bases on Symfony, Doctrine and the Zend Framework. In this blog post we investigate the exploitation of a rare PHP object instantiation vulnerability (CVE-2017-18357).

Read Blog post >

Joomla! is one of the most popular content management systems. We detected a previously unknown LDAP injection vulnerability in the login controller that could allow remote attackers to l...
Blog post

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection

Joomla! is one of the most popular content management systems. We detected a previously unknown LDAP injection vulnerability in the login controller that could allow remote attackers to leak the super user password and to fully take over any Joomla! installation.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/275a16f7-9b36-0172-ed6f-fce50dc34f53/480d06ea-3df3-43e0-93c0-15256c00cc2e/SugarCRM_security.png
Blog post

SugarCRM's Security Diet - Multiple Vulnerabilities

SugarCRM is one of the most popular customer relationship management solutions. We uncovered critical security issues that could allow attackers to steal customer data or sensitive files from the server.

Read Blog post >