CMS
Sitecore CMS exploit chain starts with hardcoded ‘b’ password
A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. Sitecore is a popular enterprise CMS used by businesses to create and manage content across websites and digital media. Discovered by watchTowr researchers, the pre-auth RCE chain disclosed today consists of three distinct […]
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS […]