5 matches found
CVE-2025-7101
Summary of CVE-2025-7101 (Mode C): A vulnerability in BoyunCMS up to version 1.4.20 affects the Configuration File Handler, specifically an unknown part of the file /install/install_ok.php. Manipulation of the argument db_pass leads to code injection. The vulnerability is remotely exploitable, an...
CVE-2025-7100
CVE-2025-7100 affects BoyunCMS up to 1.4.20. The issue is in /application/user/controller/Index.php where manipulating the image parameter enables unrestricted file upload. Exploitation is possible remotely and exploits have been disclosed publicly. Attackers with no privileges can trigger the up...
CVE-2025-7102
CVE-2025-7102 affects BoyunCMS up to 1.4.20, targeting the file application/update/controller/Server.php. The vulnerability stems from improper handling of the argument phone, enabling SQL injection that can be triggered remotely. The initial sources indicate exploitation has been disclosed publi...
CVE-2025-7099
BoyunCMS
CVE-2025-7103
CVE-2025-7103 affects BoyunCMS up to v1.4.20. The vulnerability resides in the curl component’s handling of /application/pay/controller/Index.php, enabling server-side request forgery (SSRF) and potentially remote exploitation. The issue is triggered by improper processing in that file. Public di...