Acunetix version 12 (build 12.0.190227132 – Windows and Linux) has been released. This new build includes a good number of new vulnerability checks, including checks for the recently discovered Drupal Remote Code Execution vulnerability, another RCE in ThinkPHP, Local File Inclusion vulnerabilities in vBulletin and Typo3, Unauthorized Access vulnerabilities in FastGI and uWSGI and new vulnerability checks for WordPress Core, WordPress Plugins and Drupal Core. The new vulnerability checks, updates and fixes are available for both Windows and Linux.
New Vulnerability Checks
- Test for Drupal REST Remote Code Execution (CVE-2019-6340)
- Tests for vBulletin 5 routestring Local File Inclusion Vulnerability
- Tests for ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability
- Tests for uWSGI Unauthorized Access Vulnerability
- Tests for FastCGI Unauthorized Access Vulnerability
- Test for Typo3 Restler 1.7.0 Local File Disclosure
- A number of new vulnerability checks for WordPress Core and Plugins and Drupal Core
Updates
- Update Source Code Disclosure checks to prevent False Positives
- Unused paths are now filtered from AcuSensor data
Fixes
- Fixed false positive in Expression Language Injection vulnerability check
- Fixed issue in LSR / Deepscan when processing scripts overriding to JSON on Object
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
Get the latest content on web security
in your inbox each week.
THE AUTHOR
Principal Program Manager
