Sonar Blog

Home

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
AI generated code is detected in project
A new PHP exploit technique affects the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and...
Blog post

phpBB 3.2.3: Phar Deserialization to RCE

A new PHP exploit technique affects the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and to take over the entire board (CVE-2018-19274).

Read Blog post >

Image for WordPress Design Flaw Leads to WooCommerce RCE
Blog post

WordPress Design Flaw Leads to WooCommerce RCE

WordPress Design Flaw Leads to WooCommerce RCEA flaw in the way WordPress handles privileges can lead to a privilege escalation in plugins. This affects for example the popular WooCommerce.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.
Blog post

PHP Object Injection

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Fully Automated Promotion Pipelines with SonarQube Server and Artifactory

Catch builds constructed from poor quality code before they make it to production. Discover how to integrate Artifactory and SonarQube Server.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

My Journey Interviewing with SonarSource...

What's it like to interview with SonarSource? Read on and find out!

Read Blog post >

Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.
Blog post

What is Phar Deserialization

Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Protect your code against injection vulnerabilities with SonarQube Cloud!

Injection security vulnerabilities (OWASP-A1) can run scared, as latest SonarQube Cloud updates now provide advanced security checks to continuously detect them.

Read Blog post >

In this blog post we introduce an authenticated arbitrary file deletion vulnerability (CVE-2018-20714) in the WordPress core that can lead to attackers executing arbitrary code.
Blog post

WordPress File Delete to Code Execution

In this blog post we introduce an authenticated arbitrary file deletion vulnerability (CVE-2018-20714) in the WordPress core that can lead to attackers executing arbitrary code.

Read Blog post >

In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release (CVE-2018-1133).
Blog post

Evil Teacher: Code Injection in Moodle

In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release (CVE-2018-1133).

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Import issues of your favorite linters in SonarQube Cloud!

Over the past 2 weeks, the following new features were deployed on SonarQube Cloud: import of issues from external linters with built-in support for TypeScript projects, support for the Go language, graceful handling of username change, first version of the GitHub Application, new rules for Python, Java and Swift

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

A Salesmans Code Execution: PrestaShop 1.7.2.4

PrestaShop is one of the most popular e-commerce solutions. We detected a highly critical vulnerability that allows to execute arbitrary code on any installation with version <= 1.7.2.4. In this technical blog post we present the vulnerability and the exploitation technique that could have been misused by attackers (CVE-2018-20717).

Read Blog post >