writeups.xyz / Getting Unauthenticated Remote Code Execution On The Logsign Unified Secops Platform

Submitter : c2a

Date: 1 July 2024

Bounty : undisclosed

Vulnerabilities :

• RCE
• Authentication Bypass
• OS Command Injection
• Security Code Review

Programs :

• Logsign

Authors :

• Yulin Sung
• Mehmet INCE (@Mdisec)

Link :
https://www.zerodayinitiative.com/blog/2024/7/1/getting-unauthenticated-remote-code-execution-on-the-logsign-unified-secops-platform