Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated)

Introduction During a focused review of HPRMS v1.0, I set out to evaluate the integrity of its record-view workflow inside the admin area—specifically how user-controlled identifiers are validated ...

Dec 30, 2021 Infosec, CVE, Research

Hospitals Patient Records Management System v1.0 — IDOR (Account Takeover)

Introduction I reviewed HPRMS v1.0 to assess how its admin area handles identity and authorization in routine CRUD flows. Applications with profile-edit features often expose object identifiers dir...

Dec 20, 2021 Infosec, CVE, Research

CVE-2021-44228 (Log4Shell) — Field Notes from a Focused Web-App Review

Introduction In late 2021 I revisited one of our Java web applications to validate exposure to Log4Shell. My goal was pragmatic: verify if any user-controlled input was reaching Log4j without stric...

Dec 13, 2021 Infosec, CVE, Research

WordPress Advanced Ticket System < 1.0.64 — Authenticated Stored XSS in Ticket Metadata

Introduction While reviewing help-desk and ticketing plugins for WordPress, I focused on how user-supplied ticket metadata is validated before being stored and rendered. These flows often accept m...

Oct 1, 2021 Infosec, CVE, Research

WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622)

Introduction I set out to review helpdesk/ticketing plugins that are frequently installed in intranets and customer portals—places where strict role boundaries exist and unfiltered_html is commonly...