Blog posts
Ambionics / Web Exploitation

Attacking WSO2 Products

Thu 11 September 2025

Uncovering bypasses, RCE, SSRF, CSRF, and account-takeover vulnerabilities in WSO2 products.

Read more
Ambionics / Web Exploitation

Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)

Wed 12 March 2025

Exploitation of multiple vulnerabilities in GLPI to gain remote code execution from unauthenticated privileges.

Read more
Ambionics / Web Exploitation

Jupiter X Core Plugin <= 4.6.5 Remote Code Execution (CVE-2024-7772)

Thu 26 September 2024

A pre-authentication remote code execution vulnerability was found on Jupiter X Core Plugin <= 4.6.5 (CVE-2024-7772).

Read more
Ambionics / Web Exploitation

Owncloud: details about CVE-2023-49103 and CVE-2023-49105

Mon 04 December 2023

We provide details about CVE-2023-49103 and CVE-2023-49105

Read more
Ambionics / Web Exploitation

Unserializable, but unreachable: Remote code execution on vBulletin

Tue 31 January 2023

Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.

Read more
Ambionics / Web Exploitation

Laravel <= v8.4.2 debug mode: Remote code execution

Tue 12 January 2021

Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.

Read more