ERNW is an independent IT Security service provider based in Heidelberg, Germany. Since its founding in 2001, our focus has been on consulting and testing in all areas of IT security, unallied from outside shareholders and a need to sell products. This independence and self-accountability drives us, as a company, to adhere to a higher standard of professional conduct and development.
Get the latest Informations about technical topics within the IT-Security Community and a lot of special insights. Sign up now for our Whitepaper Newsletter:
Thank you for signing up! You’ll receive a notification from out mailinglist manager to finally opt you in.
OpenSIS is an open source student information system. Recently, it was affected by several vulnerabilities such as SQL injections, local file inclusions and incorrect access controls (CVE-2020-13380, CVE-2020-13381, CVE-2020-13382, CVE-2020-13383). That is why I got interested and also had a quick look at the application. As part of this investigation, I discovered two vulnerabilities, an […]