Post cover image

July 3, 2026

Unauthenticated RCE in CKFinder via Null Byte Injection Vulnerability

During an authorized penetration test on a corporate web application, I was performing directory enumeration against the target when I came…

By Ali İltizar

5 min read