Information Security Analyst at ASTRA
Specializing in Vulnerability Assessment
Contact Form 7 version 5.3.1 and below were found to be vulnerable to unrestricted file upload vulnerability while testing a customer’s website. Contact Form 7 version 5.3.2 with a fix was released on December 17, 2020. CVE-2020-35489 Summary...
Over time, I have received multiple messages in social media platforms such as Twitter and LinkedIn, and here on my website, asking me for advice/tips on getting started in the Cybersecurity field. Much of the confusion about getting started in this...
While testing the Genexis Platinum 4410 home router version 2.1 (software version P4410-V2-1.28), I was able to find that the router is vulnerable to Broken Access Control and CSRF. CVE-2020-25015 Summary Platinum 4410 is a compact router from...
On testing the popular log monitoring and management application, Nagios Log Server version 2.1.6 (latest at the time of testing), I found that it is vulnerable to Stored XSS attacks. CVE-2020-16157 Summary Nagios Log Server is a popular Centralized...
During the audit on an OpenCart website belonging to one of our Astra customers, Journal theme version 3.0.46 and below were found to expose sensitive data through SQL errors at a vulnerable endpoint. Journal version 3.1.0 fixing the issue was...
Some of the security issues commonly seen on a website can be taken care of using the .htaccess (hypertext access) file. In this article, I am gonna be showing the .htaccess configuration from my WordPress website and explain the security issues...
