https://johnjhacking.com/categories/cves/ Recent content in CVEs on Hack the Galaxy Hugo -- gohugo.io en-gb Fri, 23 Oct 2020 18:00:00 +0000 https://johnjhacking.com/blog/cve-2020-27388/ Fri, 23 Oct 2020 18:00:00 +0000 https://johnjhacking.com/blog/cve-2020-27388/ Potential Abuse on a hooked Function There is a potential for abuse with any plugins that implement the hook function ‘shunt_is_valid_user’. In the code below we simply demonstrate that authentication can be completely bypassed by returning TRUE in the hooked function. This would be an ideal place for a stealthy backdoor or any other malicious code. It should be noted that this itself is not a vulnerability, but has a potential to be misused and plugins that use this hook should be checked.