in cve, sql-injection 29-Jan-2026

CVE-2025-10878 | SQL Authentication Bypass in Fikir Odaları AdminPando

CVE-2025-10878

SQL Authentication Bypass in Fikir Odaları AdminPando

Summary

Field	Value
CVE ID	CVE-2025-10878
Product	Fikir Odaları AdminPando
Vendor	Omran İnşaat A.Ş.
Vulnerable URL	https://www.omran.com.tr/admin/logIn.php
Affected Version	v1.0.1 (and possibly earlier)
Vulnerability Type	CWE-89: SQL Injection
CVSS v3.1 Score	10.0 (Critical)
CVSS Vector	AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Patch Date	2026-01-26
Researcher	Onurcan Genç

Description

A SQL injection vulnerability exists in the login functionality of Fikir Odaları AdminPando v1.0.1. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely.

in 18-Oct-2025

CVE-2025-60507 | Moodle GeniAI Plugin: Reflected & Stored XSS via PDF Upload & Prompt Injection

Important: These PoCs are for an isolated, consented test environment only (e.g., local Bitnami Moodle Docker). Do not run tests against production or third-party systems. Use non-exfiltrative payloads (e.g., alert('stored-xss')) for public demonstrations. Redact any real usernames/hostnames in screenshots before publishing.

Summary

This PoC demonstrates three related vectors observed during testing of local_geniai v2.3.6:

Stored XSS via an uploaded PDF resource that is exposed as an unsanitized clickable link by the assistant.
Reflected XSS via chatbot input that is returned/rendered unsanitized in the chat UI.
LLM-assisted delivery / Prompt Injection where the assistant (LLM) returns HTML/raw links which can be used to deliver stored payloads to other users.

During testing the following public PDF collection was used as the uploaded file source (lab-only): https://github.com/luigigubello/PayloadsAllThePDFs/blob/main/pdf-payloads/starter_pack.pdf

in Cybersecurity, responsibledisclosure, Cybersecurity, Penetration Testing 17-Oct-2025

CVE-2025-60506 | Stored Cross-Site Scripting (XSS) in Moodle PDF Annotator plugin (v1.5 release 9)

Summary

Vulnerability: Stored Cross-Site Scripting (XSS) in Moodle PDF Annotator plugin (mod_pdfannotator) — Public Comments rendering.
CVE: CVE-2025-60506 (assigned)
Discoverer: Onurcan Genç — Independent Security Researcher
Tested environment: Bitnami Docker image for Moodle 4.x
Plugin: mod_pdfannotator v1.5 (release 9, build 2025090300)
Browser used during testing: Chrome (headless / visible)

Vulnerability Summary

The Public Comments feature in the PDF Annotator plugin fails to properly sanitize user-supplied input before rendering it inside the PDF viewer’s comment panel. A low-privileged authenticated user (e.g., Student) can inject HTML/JavaScript into the Public Comments field; that content is stored and later executed in the browsers of other users (Student, Teacher, Admin) when they open the annotated PDF.

in ResponsibleDisclosure, OffensiveSecurity, Moodle, PenetrationTesting 17-Oct-2025

IDOR in Moodle OpenAI Chat Block (block_openai_chat) | Proof of Concept (PoC) – CVE-2025-60511

Vulnerability Summary

Vulnerability Type: Insecure Direct Object Reference (IDOR)
Component: Moodle – OpenAI Chat Block Plugin (block_openai_chat) v3.0.1 (Build: 2025021700)
Endpoint: /blocks/openai_chat/api/completion.php
Vulnerable Parameter: blockId
Impact: Information Disclosure, Privilege Escalation, Potential Model Misuse
Attack Prerequisites: Authenticated low-privileged user (e.g., student or teacher)

Technical Description

The completion.php endpoint uses the blockId parameter to determine which chat block configuration (prompt templates, source of truth entries, model settings) to use when processing OpenAI completions.

in ResponsibleDisclosure, Cybersecurity, CVE, MITRE, OffensiveSecurity 10-Sep-2025

CVE-2025-57520 – Stored XSS in Decap CMS (<= 3.8.3)

This vulnerability has been assigned CVE-2025-57520 by MITRE.

Vulnerability Summary

Vulnerability Type: Stored Cross-Site Scripting (XSS)
Affected Versions: Decap CMS <= 3.8.3
Affected Component: Admin Panel → Content Preview Renderer (title, tags, description, body)
Impact: Session hijacking, credential theft, arbitrary JavaScript execution in privileged user context
Discoverer: Onurcan Genç – Independent Security Researcher

Scenario Flow

Contributor (low privilege) injects a malicious payload into a blog entry.
Editor/Admin (high privilege) later opens the entry in the preview panel.
The payload executes in the privileged user’s browser context.

The vulnerability was verified under both contributor and editor roles. The most severe impact is observed when an admin user views the malicious entry in preview mode, leading to stored XSS execution in the privileged context.

in Cybersecurity, Project, OffensiveSecurity 07-Sep-2025

NucAIScan: An AI-Powered Web Application Security Scanner

Hello everyone! About a week ago, I started working on a new idea that turned into a project I now call NucAIScan. Initially, I had no plans to build anything related to offensive security or cyber threat intelligence since my main focus was preparing for the eWPTX exam. But sometimes, inspiration shows up when you least expect it.

During a holiday break, a bug bounty friend of mine said:

“If we could automate scanners like Acunetix for large scopes, we could literally earn rewards just by running them and submitting the results.”

in Cybersecurity, eWPT, Cybersecurity, Penetration Testing 29-Aug-2025

eWPT Exam Guide: Strategies, Study Materials, and Final Takeaways

Hi everyone! In this article, I’d like to share my eWPT (eLearnSecurity Web Application Penetration Tester) exam experience. I’ll walk you through my expectations before the test, my exam-day approach, the materials I used to prepare, and some final thoughts.

Overall, the exam does a good job covering what a web application penetration tester should know. However, it is heavily focused on CMS exploitation (WordPress, Drupal, Joomla), which doesn’t always reflect the wide variety of applications we encounter in real-world scenarios.