Indian academic bookseller Oswaal Books fixes alleged RCE and other serious vulnerabilities with Shopify relaunch


According to a security researcher, flaws in the ecommerce domain of Indian bookseller Oswaal Books could have allowed attackers to take control of the website.

By gaining control of the administrator account via SQL injection, the researcher was able to perform RCE, bypass OTP authentication, and discover a CSRF bug.

Read More…