Matei "Mal" Badanoiu (aka CVE Jesus)

Pentest-Tools.com, Security Research Lead

Full time security researcher living his life one CVE at a time. Will need to find a new way to measure time if CVEs are not a thing anymore.

Matei "Mal" Badanoiu (aka CVE Jesus)

Full time security researcher living his life one CVE at a time. Will need to find a new way to measure time if CVEs are not a thing anymore.

Posts by this author

Security research
How we built an exploit for SessionReaper, CVE-2025-54236 in Magento 2 & Adobe Commerce
Here's how we weaponized SessionReaper (CVE-2025-54236) against Magento 2, chaining ServiceInputProcessor quirks and a session proxy setter to forge customer sessions and hijack accounts. Our lab-tested PoC exposes attack surface, a possible preauth RCE, and an automated exploit - a practical walkthrough for researchers who like coffee strong and bugs reliable.
Author(s)
David Bors,
Matei "Mal" Badanoiu (aka CVE Jesus)
Published at
22 Oct 2025
Updated at
23 Oct 2025

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account

Target illustration