NOTES · CYBERSECURITY · EST. 2025

RE:SØURCE

Notes and technical writeups on malware campaigns and web-application vulnerabilities, based on real cases encountered in the field.

Cover Image for CVE-2026-34747 - Payload CMS SQL Injection

S.04 · FEATURED2026-06-06

CVE-2026-34747 - Payload CMS SQL Injection

An SQL injection in Payload CMS exposes the underlying database through a single crafted request.

CVE · SQLI · PAYLOAD · WEBAPPREAD ↗

Author

Arkadiusz Marta

Stories · 2026

4

Focus areas

MALWARE · WEBAPP

More from the archive.

2 RECENT POSTS

Cover Image for CVE-2026-28501 - AVideo Unauthenticated SQL Injection

S.03 · 2026-04-27

CVE-2026-28501 - AVideo Unauthenticated SQL Injection

A critical SQL injection in AVideo allows unauthenticated remote attackers to exfiltrate the entire database by smuggling a single JSON field past the application's global input sanitizer.

CVESQLIAVIDEOWEBAPP

Cover Image for Ledger Wallet Impersonation Analysis

S.02 · 2026-01-28

Ledger Wallet Impersonation Analysis

Diving into a fake Ledger Live macOS app that tricks users into entering their recovery phrase and silently sends it to an attacker.

MacOSMalwareCrypto-Stealer