Posted by Dau, Huy-Ngoc (FR – Paris) on Sep 07

Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Vendor: Checkmarx – www.checkmarx.com
Product: CxSuite
Version affected: 7.1.5 and prior

Credit: Huy-Ngoc DAU (@ngocdh) of Deloitte Conseil, France

================================
Introduction
================================
Checkmarx is a static source code analysis suite (https://www.checkmarx.com).

CxQL (Checkmarx Query Language) is a CSharp-based language defined by Checkmarx to query source…