You are here

Home

cve

Research: PHP Object Injection in XOOPS Modules

21 February 2025 - 2:59pm — drew

As part of my research into Gadget Chains and PHP Object Injection, I discovered exploitable vulnerabilities in three different XOOPS modules.

The XOOPS team responded quickly to my report, and fixes were released not long after. They were very good to work with.

They published details here:

https://xoops.org/modules/newbb/viewtopic.php?topic_id=79555

The specific fixes were:

Tags: 
security-research
cve
php-object-injection
security

Research: PHP Object Injection in MODX Login Extra

21 February 2025 - 11:20am — drew

As part of my research into Gadget Chains and PHP Object Injection, I discovered an exploitable vulnerability in the MODX Login Extra project.

The MODX team responded immediately to my report and a fix was released within hours - very impressive!

They published details here:

https://community.modx.com/t/modx-login-extra-php-object-injection-vulne...

This was assessed as:

Tags: 
security-research
cve
php-object-injection
security
gadget-chain
Subscribe to RSS - cve
Powered by Drupal