SmartScanner version 1.11 was released with new tests like Host Header Injection.
Below are the change highlights in this version:
- Host Header Injection
- Insecure Deserialization test for JSON objects, which was added in version 1.10 updated with support for Java and PHP objects.
- WordPress Plugin Wpfilemanager 6.8 RCE, which is listed with CVE-2020-25213 in Known Exploited Vulnerabilities Catalog
- Drupal7 Pre Auth SQLI (CVE-2014-3704)
- Apache mod_proxy 2.4.48 SSRF (CVE-2021-40438), listed Known Exploited Vulnerabilities Catalog
- Support for using the system’s proxy in the scan configurations
- Support for detection of errors in Python libraries like Django, Flask, and Werkzeug
- Vulnerability assessment for outdated PHP, and WordPress
Check out all changes in the changelog
