PT-2025-8962 · B1Gmail · B1Gmail
Mcdruid · Published 2025-02-27 · Updated 2025-02-27 · CVE-2025-1741
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
b1gMail versions up to 7.4.1-pl1
Description
An issue was found in the Admin Page component, specifically in the file src/admin/users.php, where manipulation of the query/q argument leads to deserialization. This issue can be exploited remotely. It is recommended to upgrade to a newer version to address this issue.
Recommendations
For b1gMail versions up to 7.4.1-pl1, upgrade to version 7.4.1-pl2 to address this issue.
For b1gMail 7.4.0 commercial edition, upgrade to version 7.4.0-pl3.
Fix
Deserialization of Untrusted Data
RCE
Related Identifiers
Affected Products
B1Gmail