Code Injection Vulnerability in BoyunCMS Configuration Component
CVE-2025-7101

6.3 MEDIUM

Key Information:

Vendor: Boyun

Status
Vendor
CVE Published: 7 July 2025

What is CVE-2025-7101?

A code injection vulnerability has been identified in BoyunCMS, affecting the Configuration File Handler component in the file /install/install_ok.php. The handler does not adequately validate its input parameters, in particular the 'db_pass' argument, and this can be exploited remotely to execute arbitrary code. The exploit has been publicly disclosed, which presents a significant risk to users of BoyunCMS versions up to 1.4.20 and calls for prompt remediation.

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published