New build checks for Drupal RCE, ThinkPHP RCE, vBulletin LFI and Typo3 Restler LFI
Acunetix version 12 (build 12.0.190227132 – Windows and Linux) has been released. This new build includes a good number of new vulnerability checks, including checks for the recently discovered Drupal Remote Code Execution vulnerability, another RCE in ThinkPHP, Local File Inclusion vulnerabilities in vBulletin and Typo3, Unauthorized Access vulnerabilities in FastCGI and uWSGI, and new vulnerability checks for WordPress Core, WordPress Plugins and Drupal Core. The new vulnerability checks, updates and fixes are available for both Windows and Linux.
New Vulnerability Checks
- Test for Drupal REST Remote Code Execution (CVE-2019-6340)
- Tests for vBulletin 5 routestring Local File Inclusion Vulnerability
- Tests for ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability
- Tests for uWSGI Unauthorized Access Vulnerability
- Tests for FastCGI Unauthorized Access Vulnerability
- Test for Typo3 Restler 1.7.0 Local File Disclosure
- A number of new vulnerability checks for WordPress Core and Plugins and Drupal Core
Updates
- Updated Source Code Disclosure checks to prevent false positives
- Unused paths are now filtered from AcuSensor data
Fixes
- Fixed false positive in Expression Language Injection vulnerability check
- Fixed issue in LSR / DeepScan when processing scripts overriding toJSON on Object
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/Al2V26qwgkw/