<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Security Research on Byte JMP</title>
    <link>https://bytejmp.com/categories/security-research/</link>
    <description>Recent content in Security Research on Byte JMP</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-gb</language>
    <lastBuildDate>Wed, 01 Jul 2026 14:00:00 -0300</lastBuildDate><atom:link href="https://bytejmp.com/categories/security-research/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Breaking Databasement: From IDOR to RCE in a Backup Management Platform</title>
      <link>https://bytejmp.com/posts/breaking-databasement/</link>
      <pubDate>Wed, 01 Jul 2026 14:00:00 -0300</pubDate>
      <guid>https://bytejmp.com/posts/breaking-databasement/</guid>
      
      <description>Field Details Target Databasement v1.5.5 Date July 2026 Researchers @bytejmp, @d0c84 Databasement is an open-source Laravel application for managing database server backups. It supports MySQL, PostgreSQL, MariaDB, SQLite, Redis, MongoDB, SQL Server, and Firebird, with features like scheduled backups, cross-server restores, and multi-tenant organization isolation.
During our security research, we identified five vulnerabilities that, when combined, allow a low-privileged user to exfiltrate data from other tenants, achieve remote code execution on the server, and perform persistent destructive operations against production databases.</description>
      
    </item>
    
  </channel>
</rss>
