| tiêu đề | b1gMail-OSS b1gMail 7.4.1-pl1 Deserialization |
|---|
| Mô tả | b1gMail OSS has a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data.
(POP/) Gadget Chains exist in b1gMail (and its libraries) which allow Object Injection vulnerabilities to be exploited, for example to delete arbitrary files. Other attacks may be possible depending on what plugins are installed.
The vulnerability is mitigated by the fact that the vulnerable functionality is in an admin page, access to which is restricted to administrators.
Because the vulnerability can be exploited via a GET request, it may be possible to conduct such an attack via Cross Site Scripting (XSS) or a similar vector.
The vulnerability is fixed in b1gMail 7.4.1 Patch Level 2 |
|---|
| Nguồn | ⚠️ https://gist.github.com/mcdruid/cb0b848c12fd6a6bc0c1b3357b983d30 |
|---|
| Người dùng | mcdruid (UID 79710) |
|---|
| Đệ trình | 23/02/2025 19:28 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 27/02/2025 09:47 (4 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 297829 [b1gMail đến 7.4.1-pl1 Admin Page src/admin/users.php query/q nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|