Get a Pentest and security assessment of your IT network.

Cyber Security

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

Web analytics firm SEMrush patched a remote code execution vulnerability that allowed attackers to open a reverse shell that could be used to attack the service. The bug was tied to SEMrush s Report Builder feature that allows users to generate custom web analytics reports using their own branding. The problem was how SEMrush handled logo images uploaded to the platform and the use of an unpatched version of ImageMagick, a web service used to process images. SEMrush said the impact was limited to an isolated portion of its main platform.

Source: https://threatpost.com/semrush-plugs-remote-code-execution-bug-in-its-saas-platform/146003/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation