b1gMail Admin Page users.php deserialization
CVE-2025-1741

5.1MEDIUM

Key Information:

Status
B1gmail
Vendor
CVE Published:
27 February 2025

Summary

A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched remotely. Upgrading to version 7.4.1-pl2 is able to address this issue. The identifier of the patch is 4816c8b748f6a5b965c8994e2cf10861bf6e68aa. It is recommended to upgrade the affected component. The vendor acted highly professional and even fixed this issue in the discontinued commercial edition as b1gMail 7.4.0-pl3.

Affected Version(s)

b1gMail 7.4.1-pl1

References

https://vuldb.com/?id.297829
vdb-entrytechnical-description
https://vuldb.com/?ctiid.297829
signaturepermissions-required
https://vuldb.com/?submit.505838
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mcdruid (VulDB User)
.