Code Injection Vulnerability in BoyunCMS Configuration Component
CVE-2025-7101

6.3MEDIUM

Key Information:

Vendor: Boyun
Status: BoyunCMS
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-7101?

A code injection vulnerability has been identified in the BoyunCMS software, specifically affecting the Configuration File Handler component located in the /install/install_ok.php file. This issue arises due to inadequate validation of input parameters, particularly the 'db_pass' argument, which can be exploited to execute arbitrary code remotely. As the exploit has been publicly disclosed, it presents a significant risk to users of versions up to 1.4.20 of BoyunCMS, necessitating prompt remediation efforts.

References

https://note-hxlab.wetolink.com/share/6wemW8CnOMbu

https://vuldb.com/?ctiid.315015

https://vuldb.com/?id.315015

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025