Recent content by cyanidee

Not a bug Security issue?

Hello Kirby, I am glad for your answer however I am a bit skeptical about your claims of having an admin account could do pretty much anything. Can you perhaps give me some code to put in a template that can read files, any type of SSRF or anything remotely similar (not including XSS)?
- cyanidee
- Post #5
- Feb 2, 2025
- Forum: Resolved bug reports
Not a bug Security issue?

I have read the CVE report you provided and it is different to the exploit I have found and is not the same at all. The CVE you mentioned was an XSS vulnerability which was executed on the client side, which in the worst case scenario would be able to steal a users cookies or edit the page to...
- cyanidee
- Post #4
- Feb 2, 2025
- Forum: Resolved bug reports
Not a bug Security issue?

Exploit possibilities: Arbitrary File Read : Access and exfiltrate sensitive files on the server, such as config.php (containing database credentials) and /etc/passwd. Server-Side Request Forgery (SSRF) : Bypass firewalls, access internal systems, and retrieve the origin IP address of the server...
- cyanidee
- Thread
- Feb 2, 2025
- 0day exploit security vulnerability
- Replies: 7
- Forum: Resolved bug reports

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Top Bottom