April 2025

Research: PHP Object Injection in b1gMail

As part of my research into Gadget Chains and PHP Object Injection, I discovered an exploitable vulnerability in b1gMail.

The maintainer was very responsive to the report and addressed the issue quickly. Thanks!

https://github.com/b1gMail-OSS/b1gMail/releases/tag/7.4.1-pl2

Details of the report:

https://gist.github.com/mcdruid/cb0b848c12fd6a6bc0c1b3357b983d30

This vulnerability was assigned CVE-2025-1741.

Research: PHP Object Injection in Adianti Framework

As part of my research into Gadget Chains and PHP Object Injection, I discovered an exploitable vulnerability in the Adianti Framework.

The maintainers were responsive to the report and have released a fix in version 8.1.

https://adiantiframework.com.br/changelog#810

Details of the report:

https://gist.github.com/mcdruid/8412cfb55f443a1344ff41af0ce1b215

This vulnerability was assigned CVE-2025-3590.