Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.
WooCommerce 3.6.4 - CSRF Bypass to Stored XSS
WooCommerce is the most popular e-commerce plugin for WordPress with over 5 million installations. We detected a code vulnerability in the way WooCommerce handles imports of products.
Read Blog >
Bitbucket 6.1.1 Path Traversal to RCE
In this blog post we analyse how the insecure extraction of a compressed TAR archive lead to a critical vulnerability in Bitbucket (CVE-2019-3397).
Read Blog >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
SuiteCRM 7.11.4 - Breaking Into Your Internal Network
In this blog post we will see how a vulnerable web application deployed in the internal network of your company can act as a charming entry gateway for any adversary.
Read Blog >
Pre-Auth Takeover of OXID eShops
We detected a highly critical vulnerability in the OXID eShop software that allows unauthenticated attackers to takeover an eShop remotely in less than a few seconds - all on default configurations.
Read Blog >
TYPO3 9.5.7: Overriding the Database to Execute Code
In this technical blog post we examine a critical vulnerability in the core of the TYPO3 CMS (CVE-2019-12747). A reliable exploit allows the execution of arbitrary PHP code on the underlying system as authenticated user.
Read Blog >
Magento 2.3.1: Unauthenticated Stored XSS to RCE
This blog post shows how the combination of a HTML sanitizer bug and a Phar Deserialization in the popular eCommerce solution Magento <=2.3.1 lead to a high severe exploit chain. This chain can be abused by an unauthenticated attacker to fully takeover certain Magento stores and to redirect payments.
Read Blog >
dotCMS 5.1.5: Exploiting H2 SQL injection to RCE
In this blog post we will show how to exploit a SQL injection vulnerability (CVE-2019-12872) found by RIPS Code Analysis in the popular java-based content management system dotCMS and how we escalated it to execute code remotely.
Read Blog >
MyBB <= 1.8.20: From Stored XSS to RCE
This blog post shows how an attacker can take over any board hosted with MyBB prior to version 1.8.21 by sending a malicious private message to an administrator or by creating a malicious post. We use a chain of two security vulnerabilities detected in the code.
Read Blog >
The Hidden Flaws of Archives in Java
Archives such as Zip, Tar, Jar or 7z are useful formats to collect and compress multiple files or directories in a container-like structure. However, the extraction of archives can introduce security risks which resulted in multiple critical vulnerabilities in popular applications in the past. In this post we explain the risk behind archive extraction and show how to securely extract archives in Java.
Read Blog >
The NeverEnding Story of writing a rule for argument passing in C++
Here is a story of a rule, from concept to production. While the selected rule is for C++, this story contains interesting insight on the craft of rule development, no matter the target language.
Read Blog >
Dependency hell: a complete guide
At a recent meetup, a few of us developers got into a discussion about "dependency hell"—the condition when one or more pieces of software need two or more conflicting dependencies (usually transitive ones) installed in the same environment.
Read article >