CVE·Vulnerability Research
CVE
CVE-2026-48492: User Account Enumeration via Missing Authorization in Snipe-IT
Technical breakdown of CVE-2026-48492: A missing authorization flaw in Snipe-IT allowing authenticated users to enumerate accounts via the API.
2026-05-27
101
4
3 min read
CVE·File Upload Bypass
CVE-2024-11404: Medium Severity File Upload Vulnerabilities in django-filer 3.2.3
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3.
2024-11-20
4836
2
5 min read
Xss·CVE
CMS·CVE
Django CMS 4.1.3 Stored XSS Vulnerability: Exploiting the Page Title Field
CVE-2024-11319: Discover the stored XSS vulnerability in Django CMS 4.1.3 that affects the Page Title field. Learn about the security risks, exploitation methods, and remediation strategies to protect your site from potential attacks.
2024-11-11
4365
15
3 min read