Acunetix Premium - v24.4.240427095

New features

• Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.

New security checks

• XWiki Platform RCE (CVE-2023-37462)
• Dolibarr DB Theft (CVE-2023-33568)
• ChatGPT-Next-Web SSRF (CVE-2023-49785)
• OpenMetadata Auth Bypass (CVE-2024-28255)
• Progress Kemp LoadMaster RCE (CVE-2024-1212)
• Coldfusion Arbitrary File Read (CVE-2024-20767)

Improvements

• Fixed the password reset tool for Windows for Acunetix On-Premises
• .NET Core IAST Sensor: Removed dependency on NLog
• Various improvements in Deepscan, lessening the time to process pages / SPAs
• Deepscan updated to not interact with Google Maps
• Updated detection for monitoring systems
• Updated detection of web installers

Fixes

• Correct warning is now displayed when attempting to add more than permitted target variations
• Addressed several usability and design issues across application settings
• Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
• Design updates for User settings in Acunetix Online
• Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
• For users in a User Group, target group assignment is properly applied under all scenarios
• Fixed a user permission issue when using custom roles
• Invite emails from Acunetix On-Premises for Linux are properly displaying content now
• Fixed the OOM (out of memory) problem when processing large PDF files