WRITEUP #1284

Multiple Critical Vulnerabilities In Strapi Versions <=4.7.1

Tags: Auth Bypass, Authentication bypass, SSTI, RCE, Amazon cognito misconfiguration, Information disclosure
by @GhostCcamm (GhostCcamm)
Program: Strapi
Published: Apr 17, 2023
Added to HackDex: Apr 24, 2023
Read Full Writeup: https://www.ghostccamm.com/blog/multi_strapi_vulns/

RELATED WRITEUPS
Breaking the Barrier: Admin Panel Takeover Worth $3500 (Auth Bypass, Authentication bypass)
Vulnerabilities in Open Source C2 Frameworks (RCE, OS command injection)
Vulnerabilities in Homepage Dashboard (RCE, SSRF)
WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI) (RCE, SSTI)
$1600 Bounty on a Main Domain (Recon, Session fixation)
