Lucene search
K
Boyuncms ProjectBoyuncms

5 matches found

CVE
CVE
added 2025/07/07 12:32 a.m.28 views

CVE-2025-7101

Summary of CVE-2025-7101 (Mode C): A vulnerability in BoyunCMS up to version 1.4.20 affects the Configuration File Handler, specifically an unknown part of the file /install/install_ok.php. Manipulation of the argument db_pass leads to code injection. The vulnerability is remotely exploitable, an...

9.8CVSS6.8AI score0.00374EPSS
Web
CVE
CVE
added 2025/07/07 1:2 a.m.27 views

CVE-2025-7102

CVE-2025-7102 affects BoyunCMS up to 1.4.20, targeting the file application/update/controller/Server.php. The vulnerability stems from improper handling of the argument phone, enabling SQL injection that can be triggered remotely. The initial sources indicate exploitation has been disclosed publi...

9.8CVSS6.8AI score0.00302EPSS
Web
CVE
CVE
added 2025/07/06 11:32 p.m.26 views

CVE-2025-7099

BoyunCMS

6.3CVSS5.6AI score0.00397EPSS
Web
CVE
CVE
added 2025/07/07 12:2 a.m.26 views

CVE-2025-7100

CVE-2025-7100 affects BoyunCMS up to 1.4.20. The issue is in /application/user/controller/Index.php where manipulating the image parameter enables unrestricted file upload. Exploitation is possible remotely and exploits have been disclosed publicly. Attackers with no privileges can trigger the up...

9.8CVSS6.4AI score0.00295EPSS
Web
CVE
CVE
added 2025/07/07 1:32 a.m.23 views

CVE-2025-7103

CVE-2025-7103 affects BoyunCMS up to v1.4.20. The vulnerability resides in the curl component’s handling of /application/pay/controller/Index.php, enabling server-side request forgery (SSRF) and potentially remote exploitation. The issue is triggered by improper processing in that file. Public di...

7.5CVSS6.5AI score0.00314EPSS