Code Injection Vulnerability in BoyunCMS Configuration Component
CVE-2025-7101
6.3MEDIUM
What is CVE-2025-7101?
A code injection vulnerability has been identified in the BoyunCMS software, specifically affecting the Configuration File Handler component located in the /install/install_ok.php file. This issue arises due to inadequate validation of input parameters, particularly the 'db_pass' argument, which can be exploited to execute arbitrary code remotely. As the exploit has been publicly disclosed, it presents a significant risk to users of versions up to 1.4.20 of BoyunCMS, necessitating prompt remediation efforts.