Remote Code Execution in Pro-SaaS v4.2

Security Advisories

Category web

Published APRIL 30, 2026

Updated MAY 4, 2026

Reading 3 MIN

Summary

Executive Summary
Technical Details
Attack Vector
Proof of Concept (PoC)
Recommendations & Mitigation
Extra Details 1
Extra Details 2
Extra Details 3
Extra Details 4

Executive Summary

This advisory details a critical vulnerability discovered in the Pro-SaaS v4.2 architecture leading to unauthenticated Remote Code Execution (RCE).

Technical Details

The flaw is located in the user session handling module. Insecure deserialization allows an attacker to inject malicious objects via the session cookie.

Attack Vector

The attacker sends a specially crafted HTTP request containing a base64-encoded payload in the Cookie header.

Proof of Concept (PoC)

Here is a simplified example of the request to exploit the flaw:

1
2
3
GET /api/v1/profile HTTP/1.1
Host: target.local
Cookie: session=TzoyNDoiR3V6emxlSHR0cFxHYXpsZVxSZXF1ZXN0I...

Recommendations & Mitigation

To fix this vulnerability, it is imperative to apply the patch provided by the vendor.

Extra Details 1

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam ac lacus arcu. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Morbi elementum, justo nec aliquam dictum, odio felis efficitur ex, non blandit nisi leo in mauris. Suspendisse pulvinar erat nec erat pretium convallis. Donec condimentum diam eget libero ullamcorper porttitor. Curabitur vel eros feugiat, molestie felis a, lacinia tortor. Sed vel est a diam vehicula viverra id id felis. Proin sit amet nulla vitae felis iaculis pharetra. Aliquam nec mauris massa. Integer vehicula dapibus purus ut ultrices.

Extra Details 2

Aenean dapibus est a ante dictum, sit amet porta dolor blandit. Morbi id nibh vel sapien dapibus lobortis sit amet id dolor. Nulla sodales mi eget dui mollis, sed varius libero imperdiet. Mauris pretium lorem a urna cursus rhoncus. Suspendisse aliquet ex eget nibh fringilla placerat. In molestie dictum libero at mollis. Etiam nec arcu nisl. Nam scelerisque metus in porta porta. Aliquam scelerisque elementum metus. Nunc scelerisque turpis quis libero porta, sit amet viverra enim vestibulum.

Extra Details 3

Cras imperdiet scelerisque eros, a rhoncus urna feugiat non. Suspendisse eu ipsum accumsan, posuere lacus ut, tincidunt lectus. Sed id tellus porta, dictum felis eget, aliquam eros. Proin porta est libero, in cursus risus interdum ac. Morbi ac libero eu lacus facilisis dictum. Vivamus aliquam tincidunt purus. Cras ut velit sit amet dolor venenatis suscipit ut id massa. Curabitur eu porta nisl. Quisque eleifend odio a quam cursus ornare. Nam non diam vitae ligula elementum commodo.

Extra Details 4

Pellentesque dapibus mauris sed tempor facilisis. Duis imperdiet ligula sed finibus placerat. Cras sodales ante a ex dictum porttitor. Nulla sit amet lacinia sem, at hendrerit ex. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Sed porta tellus non ex fermentum, ut gravida massa vehicula. Aenean condimentum nisi a scelerisque viverra. Ut vehicula nulla non urna posuere, pulvinar congue ipsum tristique. Maecenas scelerisque magna neque, vel facilisis nisi iaculis quis. Cras ultrices scelerisque lectus, sit amet vehicula libero sodales eget.