PutYourLightsOn: Common Security Vulnerabilities in Craft CMS Plugins

Ben Croker hat die größten Sicherheits-Schwachstellen von Craft CMS Plugins in einem Artikel zusammengefasst. Er geht dabei auf Themen wie Sensitive Data Exposure, Controller Action Permissions und Uncontained Path Access ein.

I’ve said it before and I’ll say it again: never trust user input. This is one of the golden rules of security, yet when designing plugin APIs, we often tend to favour flexibility over restriction, which can get us into trouble if we are unaware of the data or endpoints we are exposing.
Ben Croker