iltosec

Offensive Security Engineer — OSCP+ | OSWE | CRTO | eWPTXv2 | TSE | SRT


Articles with the CMS Tag

EspoCRM v9.3.4 Authenticated Remote Code Execution via Malicious Extension Upload

Explore the technical analysis of the Authenticated Remote Code Execution (RCE) vulnerability in EspoCRM <= v9.3.4. Learn how malicious extension …

  • 13 Apr 2026   ALI İLTIZAR
  • Reading Time: 3 min   Views: 195
.NET Deserialization Leading to Remote Code Execution (CVE-2019-18211)

This blog post explains the black-box exploitation of Composite C1 CMS via CVE-2019-18211. The deserialization vulnerability in the EntityTokenSerializer class …

  • 15 Aug 2025   ALI İLTIZAR
  • Reading Time: 3 min   Views: 983
Host Header Injection Vulnerability in Plone CMS 6.0.13 - A Security Risk for Password Reset Process

Learn about the Host Header Injection vulnerability in Plone CMS 6.0.13, its impact on password reset emails and URL redirection, …

  • 27 Nov 2024   ALI İLTIZAR
  • Reading Time: 4 min   Views: 1419
Django CMS 4.1.3 Stored XSS Vulnerability: Exploiting the Page Title Field

CVE-2024-11319: Discover the stored XSS vulnerability in Django CMS 4.1.3 that affects the Page Title field. Learn about the security …

  • 11 Nov 2024   ALI İLTIZAR
  • Reading Time: 3 min   Views: 4063
© 2025 iltosec. All rights reserved.