A researcher discovered an RCE vulnerability in a Nokia subdomain (emop.ext.net.nokia.com) running a vulnerable version of Drupal susceptible to Drupalgeddon by using Yandex subdomain enumeration, Nikto scanning, and version fingerprinting with WhatWeb. The finding demonstrates a practical methodology for discovering and exploiting known CMS vulnerabilities through basic reconnaissance.
A Local File Inclusion (LFI) vulnerability was discovered in Apigee portals where the SCSS @import directive could be abused to read arbitrary files on the server by referencing paths like /etc/shadow, with compilation errors exposing file contents. The vulnerability was patched by Google shortly after disclosure through their VRP.
A bug bounty hunter discovered a stored XSS vulnerability in a Drupal application by chaining cache poisoning with an unreflected HTTP header (style) discovered via Param Miner brute-forcing, allowing arbitrary XSS payloads to be cached and served to all users visiting a poisoned URL.