Blog posts
Ambionics / Web Exploitation

Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)

Wed 12 March 2025

Exploitation of multiple vulnerabilities in GLPI to gain remote code execution from unauthenticated privileges.

Read more
Ambionics / Web Exploitation

Jupiter X Core Plugin <= 4.6.5 Remote Code Execution (CVE-2024-7772)

Thu 26 September 2024

A pre-authentication remote code execution vulnerability was found on Jupiter X Core Plugin <= 4.6.5 (CVE-2024-7772).

Read more
Ambionics / Web Exploitation

Owncloud: details about CVE-2023-49103 and CVE-2023-49105

Mon 04 December 2023

We provide details about CVE-2023-49103 and CVE-2023-49105

Read more
Ambionics / Web Exploitation

Unserializable, but unreachable: Remote code execution on vBulletin

Tue 31 January 2023

Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.

Read more
Ambionics / Web Exploitation

Laravel <= v8.4.2 debug mode: Remote code execution

Tue 12 January 2021

Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.

Read more
Ambionics / Web Exploitation

Remote code execution on Sqreen: exploiting the microagent

Thu 19 November 2020

Ambionics Security team discovered a heap overflow that results in remote code execution on Sqreen's microagent.

Read more