Share JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

Copy link

February 27, 2025

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

18 minutes

Week ending 27th Feb, 2025.

Key vulnerabilities to be discussed include:

JWT Validation Failure in JupyterHub
Arbitrary File Upload and SQL Injection in Mattermost, where versions of Mattermost are failing to properly validate board blocks when importing boards and failing to use prepared statements in SQL queries
Path Traversal File Deletion in Mautic, where improper handling of path components allows authenticated users to manipulate file deletion processes
Deserialization of Untrusted Data in MetaSlider, potentially leading to object injection

The podcast will also cover unrestricted file uploads, authentication bypasses, and SQL injection flaws in systems like GreaterWMS, Everest Forms, XOne Web Monitor and Tenda routers.

...more

View all episodes

By SecurityPod