An high risk vulnerability reported by me and Mathew Nash, affecting Oracle Hyperion Financial Reporting Web Studio - possibly all versions up to 18.104.22.168
- What can be more exciting than being authorized to test one of the most hyped companies in 2016?
- The JNews component was found to be vulnerable to SQL Injection affecting multiple pages.
- The AcyMailing component was vulnerable to SQL Injection on the export controller. This was another issue discovered by me, Filipe and Vitor while we were looking for low-hanging fruits in the TOP Joomla plugins.
- JEvents component was vulnerable to SQL Injection on new events functionality. This vulnerability was located inside the backoffice.