STAR Labs

We are a Singapore company providing cyber security services. Our aim is to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.

(CVE-2023-2315) Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2

Summary: Product OpenCart Vendor OpenCart Severity High - Adversaries may exploit software vulnerabilities to empty any file on the server with write permissions. Affected Versions 4.0.0.0 - 4.0.2.2 Tested Version(s) 4.0.2.2 CVE Identifier CVE-2023-2315 CVE Description Path traversal in Opencart versions 4.0.0.0 to 4.0.2.2 allows authenticated backend users to empty any existing file on the server with write permissions....

September 18, 2023 · 6 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32523) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE

Summary: Product Trend Micro Mobile Security (Enterprise) 9.8 SP5 Vendor Trend Micro Severity Critical Affected Versions Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Tested Version(s) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (Critical Patch 3) CVE Identifier CVE-2023-32523 CVE Description Improper implementation of the authentication mechanism results in authentication bypass for affected installations of Trend Micro Mobile Security (Enterprise) 9....

August 22, 2023 · 8 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32524) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE

Summary: Product Trend Micro Mobile Security (Enterprise) 9.8 SP5 Vendor Trend Micro Severity Critical Affected Versions Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Tested Version(s) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (Critical Patch 3) CVE Identifier CVE-2023-32524 CVE Description Improper implementation of the authentication mechanism results in authentication bypass for affected installations of Trend Micro Mobile Security (Enterprise) 9....

August 22, 2023 · 8 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32529) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6016 Tested Version(s) Apex Central 2019 Build 6016 CVE Identifier CVE-2023-32529 CVE Description Missing input validation in Apex Central 2019 Build 6016 and below uses user-supplied certificate values to construct a part of a SQL query that is executed in the DeleteCertById() function....

August 22, 2023 · 6 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6016 Tested Version(s) Apex Central 2019 Build 6016 CVE Identifier CVE-2023-32530 CVE Description Missing input validation in Apex Central 2019 Build 6016 and below uses user-supplied certificate values to construct a part of a SQL query that is executed in the AddCert() function....

August 22, 2023 · 7 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-38624) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6394 Tested Version(s) Apex Central 2019 Build 6394 CVE Identifier CVE-2023-38624 CVE Description Missing input validation in Apex Central 2019 Build 6394 and below uses user-supplied values to perform a server-side request in a function in modTMSL....

August 22, 2023 · 7 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-38625) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6394 Tested Version(s) Apex Central 2019 Build 6394 CVE Identifier CVE-2023-38625 CVE Description Missing input validation in Apex Central 2019 Build 6394 and below uses user-supplied values to perform a server-side request in a function in modDeepSecurity....

August 22, 2023 · 7 min · Poh Jia Hao (@Chocologicall)