High-Tech Bridge (HTB) released several security advisories that cover issues with ITIL ITSM open source software and several popular web applications.
Potentially the most harmful flaw found by HTB was in software created by Dating Pro, which allows companies to create and operate their own dating websites and is currently used by about 10,000 active dating services. The problem, if exploited, could allow a bad actor to take over administrator rights for a site running the software gaining total access to the user’s private data. The issue affects version PZQ581DPT0 and probably prior, according to HTB.
The company was informed of the problem, but has not yet issued a fix.
Another vulnerability tackled by HTB, concerns Combodo’s iTop app, version 2.2.1 and probably prior, that can allow cybercriminals to compromise a system gaining full access to the app and its associated databases. Combodo has been notified, but has not yet resolved the issue. A fix has not yet been issued.
The final vulnerability HTB spotted was with Exponent’s open-source CMS product, which was patched by the company shortly after it was notified. The patch fixed problems with versions 2.3.7 and 2.3.7 patch 1 and patch 2, Exponent reported. HTB had found the software could allow remote code execution resulting in a total compromise of the site.