Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
WordPress Design Flaw Leads to WooCommerce RCE
WordPress Design Flaw Leads to WooCommerce RCEA flaw in the way WordPress handles privileges can lead to a privilege escalation in plugins. This affects for example the popular WooCommerce.
Read Blog >
PHP Object Injection
A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.
Read Blog >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Fully Automated Promotion Pipelines with SonarQube Server and Artifactory
Catch builds constructed from poor quality code before they make it to production. Discover how to integrate Artifactory and SonarQube Server.
Read Blog >
My Journey Interviewing with SonarSource...
What's it like to interview with SonarSource? Read on and find out!
Read Blog >
What is Phar Deserialization
Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.
Read Blog >
Protect your code against injection vulnerabilities with SonarQube Cloud!
Injection security vulnerabilities (OWASP-A1) can run scared, as latest SonarQube Cloud updates now provide advanced security checks to continuously detect them.
Read Blog >
WordPress File Delete to Code Execution
In this blog post we introduce an authenticated arbitrary file deletion vulnerability (CVE-2018-20714) in the WordPress core that can lead to attackers executing arbitrary code.
Read Blog >
Evil Teacher: Code Injection in Moodle
In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release (CVE-2018-1133).
Read Blog >
Import issues of your favorite linters in SonarQube Cloud!
Over the past 2 weeks, the following new features were deployed on SonarQube Cloud: import of issues from external linters with built-in support for TypeScript projects, support for the Go language, graceful handling of username change, first version of the GitHub Application, new rules for Python, Java and Swift
Read Blog >
A Salesmans Code Execution: PrestaShop 1.7.2.4
PrestaShop is one of the most popular e-commerce solutions. We detected a highly critical vulnerability that allows to execute arbitrary code on any installation with version <= 1.7.2.4. In this technical blog post we present the vulnerability and the exploitation technique that could have been misused by attackers (CVE-2018-20717).
Read Blog >
LimeSurvey 2.72.3 - Persistent XSS to Code Execution
We detected two vulnerabilities in LimeSurvey < 2.72.3: An unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability which can be chained.
Read Blog >