RiskSense experts did a great job and examined all the vulnerabilities found between 2010 and 2019. As it turned out, in 55% of cases, attackers exploited vulnerabilities in WordPress and Apache Struts in real attacks. The third most popular with hackers is the Drupal CMS, followed by Ruby on Rails and Laravel. As for programming languages, the most attacked were vulnerabilities in PHP and Java applications.
In the same way, 66 vulnerabilities were discovered in Django, but only one was exploited. RiskSense researchers expect that hackers will soon turn their eyes to these rising stars of the programming world and at the same time explore the possibility of exploiting old bugs.
In addition, RiskSense researchers examined the types of exploited vulnerabilities. It turned out that although cross-site scripting (XSS) bugs were the most common security errors discovered in the 2010s, they were not the most exploited.
That title now goes to various injection-related bugs, which can be abused to deploy and run the attacker's own commands in the context of the victim's application or OS.
“Vulnerabilities associated with SQL injections, code, and various commands were quite rare, but at the same time they had one of the highest exploitation rates – often more than 50%,” the experts conclude.
We have previously covered SQL injection vulnerabilities, for example in the Duplicate Page plugin for WordPress, which is just one part of the statistics on which the RiskSense study is based.