Application Security

CVE-2024-29320: SQL Injection in Wallos

Introduction An open-source personal subscription tracker, Wallos designed to empower people to manage their finances with ease. Wallos is written in PHP with a SQLite database, it has over 1.000 stars in GitHub and over 100.00 downloads for its Docker image. A quick search on Shodan reveals at least 66 Read more…

By Matheus Boschetti, 8 monthsApril 4, 2024 ago

Application Security

CVE-2024-27613: Arbitrary File Manipulation in Numbas

Introduction Developed by Newcastle University’s School of Mathematics, Statistics, and Physics, Numbas is an open-source e-assessment/e-learning system. According to its website, Numbas is used in over 1.000 institutions worldwide and has been in use for over a decade. It is written using mainly JavaScript and Python with Django, with a Read more…

By Matheus Boschetti, 8 monthsMarch 15, 2024 ago