Bogdan Calin, Author at Acunetix https://www.acunetix.com/blog/author/bogdancalin/ Is Your Website Hackable? Sat, 27 Sep 2025 13:24:04 +0000 en-US hourly 1 Next.js middleware authorization bypass vulnerability: Are you vulnerable? https://www.acunetix.com/blog/web-security-zone/next-js-middleware-bypass-vulnerability/ Tue, 25 Mar 2025 14:41:06 +0000 https://www.acunetix.com/?p=44722 A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about CVE-2025-29927, how you can mitigate the vulnerability, and how Acunetix can help you detect and confirm your organization’s risk.

The post Next.js middleware authorization bypass vulnerability: Are you vulnerable? appeared first on Acunetix.

New Joomla! SQL Injection vulnerability gives attackers full control of your website https://www.acunetix.com/blog/articles/new-joomla-sql-injection-vulnerability-gives-attackers-full-control-of-your-website/ Fri, 23 Oct 2015 09:10:41 +0000 https://www.acunetix.com/?p=16005 A high-severity SQL injection vulnerability has been identified in versions 3.2 through to 3.4.4 of Joomla!. The popular Content Management System (CMS), second only to WordPress with a staggering 6.6% CMS marketshare (as of October 23, 2015, based on a W3Techs’ trend reports runs on an estimated...

Blind Out-of-band Remote Code Execution vulnerability testing added to AcuMonitor https://www.acunetix.com/blog/articles/blind-out-of-band-remote-code-execution-vulnerability-testing-added-acumonitor/ Tue, 07 Jul 2015 09:05:17 +0000 https://www.acunetix.com/?p=15798 Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution (RCE) vulnerabilities. Let’s consider a vulnerable PHP application that contains the following code $cmd = isset($_GET['1']) ? $_GET['1'] : ''; if ($cmd) { exec('ping -c 1 ' . $cmd);...

Blind Out-of-band SQL Injection vulnerability testing added to AcuMonitor https://www.acunetix.com/blog/articles/blind-out-of-band-sql-injection-vulnerability-testing-added-acumonitor/ Tue, 07 Jul 2015 09:00:27 +0000 https://www.acunetix.com/?p=15792 Acunetix AcuMonitor is a free intermediary service that helps detect second-order vulnerabilities (i.e. vulnerabilities that do not provide a response to a scanner during testing) during a scan. AcuMonitor made its debut with Acunetix WVS version 9. Since then, we’ve continuously improved the service and...

XML external entity injection via REST APIs https://www.acunetix.com/blog/releases/xml-external-entity-injection-via-rest-apis/ Fri, 19 Jun 2015 12:29:10 +0000 https://www.acunetix.com/?p=15734 The new version of Acunetix Web Vulnerability Scanner comes with improved support for scanning REST APIs. When Acunetix WVS finds a REST API definition (via a WADL file or from Acunetix DeepScan), it also scans this API resource for XML external entity injection vulnerabilities. If...

How to scan REST APIs using Acunetix WVS version 10 https://www.acunetix.com/blog/releases/scan-rest-apis-using-acunetix-wvs-version-10/ Fri, 19 Jun 2015 07:57:05 +0000 https://www.acunetix.com/?p=15723 In this blog post I’m going to describe 3 different ways to scan REST APIs using the new version 10 of Acunetix Web Vulnerability Scanner. 1. REST API automatically discovered via Acunetix DeepScan Let’s start with a simple web application that is using REST. It...

Improved support for Ruby on Rails web applications https://www.acunetix.com/blog/releases/improved-scanning-ruby-on-rails-web-applications/ Thu, 18 Jun 2015 12:02:05 +0000 https://www.acunetix.com/?p=15718 Aside from better scanning of Java/J2EE web applications, Acunetix WVS version 10 comes with improved support for web applications built using the popular framework Ruby on Rails. A lot of new Rails specific tests were added in the new version. For example, many Rails developers...

Better scanning of Java / J2EE web applications https://www.acunetix.com/blog/releases/scanning-j2ee-web-applications/ Thu, 18 Jun 2015 07:14:11 +0000 https://www.acunetix.com/?p=15713 With the release of Acunetix WVS version 10, we’ve introduced a lot of improvements on how we test Java web applications. Java web applications are notoriously hard to scan automatically for many reasons, the most important one being session management. This type of application will...

BASH Vulnerability leaves IT Experts Shell Shocked! https://www.acunetix.com/blog/articles/cve-2014-6271-bash-code-injection-vulnerability/ https://www.acunetix.com/blog/articles/cve-2014-6271-bash-code-injection-vulnerability/#comments Thu, 25 Sep 2014 12:55:09 +0000 https://www.acunetix.com/?p=14012 Yesterday, a critical vulnerability was reported in GNU Bash. Bash is the Bourne Again Shell that is installed on all Linux distributions. The vulnerability is related to the way environment variables are parsed before running the BASH shell. It is possible to create environment variables that include...
