2026

SQL Injection in Backend Filter Widget numberrange Scope via numbersFromAjax

Moderate
GitHub Security Advisory · SQL Injection

The backend Filter widget can be abused for SQL injection when a numberrange scope is configured with a conditions key. An authenticated backend user may inject SQL via the list filter AJAX handler.
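To illustrate the bug class the advisory describes, here is an added example that is not the advisory's or the affected project's own code. It assumes a numberrange-style scope whose min/max bounds are spliced textually into a `conditions` template before the query runs (the actual substitution mechanism in the affected widget is not described on this page), and shows a hardened variant that validates the bounds and binds them as query parameters. The table, rows and the `users` schema are constructed sample data, standing in for whatever backend list the widget filters.

```python
import re
import sqlite3

# Constructed sample data (not the affected project's schema).
ROWS = [
    (1, "alice", 10, 0),
    (2, "bob", 25, 0),
    (3, "root", 99, 1),
]

# Hypothetical conditions template, as a numberrange scope might carry it.
CONDITIONS = "score >= :min AND score <= :max"


def make_db():
    """In-memory SQLite database holding the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER, login TEXT, score INTEGER, is_admin INTEGER)"
    )
    con.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return con


def vulnerable_filter(con, min_val, max_val):
    """Assumed vulnerable pattern: request-controlled bounds are substituted
    textually into the conditions string, so they become SQL, not data."""
    where = CONDITIONS.replace(":min", str(min_val)).replace(":max", str(max_val))
    sql = f"SELECT id, login FROM users WHERE is_admin = 0 AND ({where})"
    return sorted(con.execute(sql).fetchall())


def hardened_filter(con, min_val, max_val):
    """Hardened form: reject non-numeric bounds, then bind them as parameters
    so the database never parses request values as SQL text."""
    for v in (min_val, max_val):
        if not re.fullmatch(r"-?\d+(\.\d+)?", str(v)):
            raise ValueError(f"numberrange bound is not numeric: {v!r}")
    sql = f"SELECT id, login FROM users WHERE is_admin = 0 AND ({CONDITIONS})"
    params = {"min": float(min_val), "max": float(max_val)}
    return sorted(con.execute(sql, params).fetchall())


def bound_is_rejected(con, payload):
    """True if the hardened filter refuses the given max bound."""
    try:
        hardened_filter(con, 0, payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # A max bound that closes the parenthesis and comments out the rest:
    # the is_admin = 0 restriction is defeated and the admin row leaks.
    payload = "100) OR 1=1 --"
    print("vulnerable, honest bounds:", vulnerable_filter(db, 0, 100))
    print("vulnerable, injected max:", vulnerable_filter(db, 0, payload))
    print("hardened rejects payload:", bound_is_rejected(db, payload))
```

The injected bound only works because the template is treated as text; once the bounds travel as bound parameters the same string is either rejected up front or compared as a number and matches nothing.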

2025

Privilege Escalation: Content Editor to Administrator via Stored XSS

High
Responsible Disclosure · Stored XSS / Privilege Escalation

Found a stored cross-site scripting vulnerability that lets a content editor escalate privileges to administrator. JavaScript injected through content fields executes in the context of an administrator's session, enabling full account takeover.

Unpublished — CVE pending disclosure

Incomplete Twig sandbox patch (CVE-202X-XXXXX bypass) allows data modification, exfiltration, and RCE via unblocked Model and Builder methods

High
Responsible Disclosure · Sandbox Escape / RCE

Identified an incomplete patch for a prior Twig sandbox escape CVE. Model and Builder methods that the patch did not block remained callable from inside the sandbox, enabling data modification, data exfiltration, and remote code execution.

Unpublished — CVE pending disclosure