{"id":59606,"date":"2025-07-02T09:29:56","date_gmt":"2025-07-02T07:29:56","guid":{"rendered":"https:\/\/www.usd.de\/?p=59606"},"modified":"2025-07-02T09:29:57","modified_gmt":"2025-07-02T07:29:57","slug":"security-advisories-on-agorum-core-open","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/security-advisories-on-agorum-core-open\/","title":{"rendered":"Security Advisories on Agorum Core Open"},"content":{"rendered":"\n

The pentest professionals at usd HeroLab<\/a> examined Agorum Core Open during the execution of their pentests<\/a>..<\/p>\n\n\n\n

While analyzing the software Agorum Core, our analysts<\/a> discovered multiple vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.<\/p>\n\n\n\n

The vulnerabilities were reported to the vendor as part of the Responsible Disclosure Policy<\/a>. Detailed information on the advisories can be found here:<\/p>\n\n\n\n

<\/div>\n\n\n\n
ID<\/th>Product<\/th>Vulnerability Type<\/strong><\/th><\/tr><\/thead>
usd-2025-0021<\/a><\/td>Agorum Core Open<\/td>Improper Neutralization of Special Elements used in a Command (Command Injection) (CWE-77)<\/td><\/tr>
usd-2025-0022<\/a><\/td>Agorum Core Open<\/td>Absolute Path Traversal (CWE-36)<\/td><\/tr>
usd-2025-0023<\/a><\/td>Agorum Core Open<\/td>Plaintext Storage of a Password (CWE-256)<\/td><\/tr>
usd-2025-0024<\/a><\/td>Agorum Core Open<\/td>Improper Restriction of XML External Entity Reference (CWE-611)<\/td><\/tr>
usd-2025-0025<\/a><\/td>Agorum Core Open<\/td>Server-Side Request Forgery (SSRF) (CWE-918)<\/td><\/tr>
usd-2025-0026<\/a><\/td>Agorum Core Open<\/td>Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (CWE-79)<\/td><\/tr>
usd-2025-0027<\/a><\/td>Agorum Core Open<\/td>Absolute Path Traversal (CWE-36)<\/td><\/tr>
usd-2025-0028<\/a><\/td>Agorum Core Open<\/td>Incorrect Authorization (CWE-863)<\/td><\/tr>
usd-2025-0029<\/a><\/td>Agorum Core Open<\/td>Dependency on Vulnerable Third-Party Component (CWE-1395)<\/td><\/tr>
usd-2025-0030<\/a><\/td>Agorum Core Open<\/td>Unauthenticated Remote Code Execution<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
<\/div>\n\n\n\n
\n\n\n\n

About usd HeroLab Security Advisories<\/h2>\n\n\n\n

In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.<\/p>\n\n\n\n

We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues \u2013 always in line with our Responsible Disclosure Policy<\/a>.<\/p>\n\n\n\n

Always in the name of our mission: \u201cmore security.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

The pentest professionals at usd HeroLab examined Agorum Core Open during the execution of their pentests.. While analyzing the software Agorum Core, our analysts discovered multiple vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication. The vulnerabilities were reported […]<\/p>\n","protected":false},"author":117,"featured_media":46998,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[373,374,1674,10757],"tags":[14003,378,9169,380,8541,487,381],"class_list":["post-59606","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-pentests-security-analyses-en","category-security-advisories-en","category-usd-herolab-en","tag-agorum-core-open-en","tag-pentest-en","tag-pentesting-en","tag-security-advisories-en","tag-security-advisory-en","tag-security-analysis-en","tag-security-research-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/59606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/117"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=59606"}],"version-history":[{"count":4,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/59606\/revisions"}],"predecessor-version":[{"id":59617,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/59606\/revisions\/59617"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/46998"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=59606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=59606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=59606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}