22 Apr 2019

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Returning to Zielke Specialized Catalog

On April 10 we detailed for our customers an arbitrary file upload vulnerability that had existed in the plugin Zielke Specialized Catalog, along with some of the odd circumstances surrounding it. A week later a new version of the plugin was released that reintroduces the vulnerability. We noticed this through our proactive monitoring of changes made to plugins in the Plugin Directory, which we run to try to catch serious vulnerabilities, and again it isn’t clear exactly what was going on there.

In the most recent version of the plugin the file /ajax/ajax_backend_product_upload.php was changed to:

10 Apr 2019

Vulnerability Details: Arbitrary File Upload in Zielke Specialized Catalog

Recently, while looking into what might explain how plugins end up with serious vulnerabilities that hackers would be likely to exploit, we have been seeing that the developers of those plugins make numerous coding errors and clearly do not test their code. That was the case with the code that got flagged in Zielke Specialized Catalog by our proactive monitoring of changes made to plugins in the Plugin Directory, which we run to try to catch serious vulnerabilities.
