CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/07/09 1:31 a.m.•4 views

CVE-2025-7102

A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has...

9.8CVSS7.8AI score0.00209EPSS

RedhatCVE•added 2025/07/09 1:31 a.m.•4 views

CVE-2025-7101

A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/installok.php of the component Configuration File Handler. The manipulation of the argument dbpass leads to code injection. It is possible to initiate the atta...

9.8CVSS7.8AI score0.00327EPSS

RedhatCVE•added 2025/07/09 12:17 a.m.•13 views

CVE-2025-7100

A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The...

9.8CVSS6.3AI score0.00301EPSS

NVD•added 2025/07/07 2:15 a.m.•2 views

CVE-2025-7103

7.5CVSS0.0018EPSS

CVE•added 2025/07/07 1:32 a.m.•18 views

CVE-2025-7103

CVE-2025-7103 affects BoyunCMS up to v1.4.20. The vulnerability resides in the curl component’s handling of /application/pay/controller/Index.php, enabling server-side request forgery (SSRF) and potentially remote exploitation. The issue is triggered by improper processing in that file. Public di...

7.5CVSS6.5AI score0.0018EPSS

NVD•added 2025/07/07 1:15 a.m.•6 views

CVE-2025-7101

9.8CVSS0.00327EPSS

NVD•added 2025/07/07 1:15 a.m.•2 views

CVE-2025-7102

9.8CVSS0.00209EPSS

CVE•added 2025/07/07 1:2 a.m.•20 views

CVE-2025-7102

CVE-2025-7102 affects BoyunCMS up to 1.4.20, targeting the file application/update/controller/Server.php. The vulnerability stems from improper handling of the argument phone, enabling SQL injection that can be triggered remotely. The initial sources indicate exploitation has been disclosed publi...

9.8CVSS6.8AI score0.00209EPSS

CVE•added 2025/07/07 12:32 a.m.•21 views

CVE-2025-7101

Summary of CVE-2025-7101 (Mode C): A vulnerability in BoyunCMS up to version 1.4.20 affects the Configuration File Handler, specifically an unknown part of the file /install/install_ok.php. Manipulation of the argument db_pass leads to code injection. The vulnerability is remotely exploitable, an...

9.8CVSS6.8AI score0.00327EPSS

Vulnrichment•added 2025/07/07 12:32 a.m.•3 views

CVE-2025-7101 BoyunCMS Configuration File install_ok.php code injection

6.5CVSS7.8AI score0.00327EPSS

NVD•added 2025/07/07 12:15 a.m.•4 views

CVE-2025-7099

A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument dbhost leads to deserialization. The attack...

6.3CVSS0.00217EPSS

CVE•added 2025/07/07 12:2 a.m.•19 views

CVE-2025-7100

CVE-2025-7100 affects BoyunCMS up to 1.4.20. The issue is in /application/user/controller/Index.php where manipulating the image parameter enables unrestricted file upload. Exploitation is possible remotely and exploits have been disclosed publicly. Attackers with no privileges can trigger the up...

9.8CVSS6.4AI score0.00301EPSS

Vulnrichment•added 2025/07/07 12:2 a.m.•4 views

CVE-2025-7100 BoyunCMS Index.php unrestricted upload

6.5CVSS7.1AI score0.00301EPSS