Server-Side Request Forgery Vulnerability in BoyunCMS by Boyun
CVE-2025-7103
What is CVE-2025-7103?
A vulnerability has been identified in BoyunCMS versions up to 1.4.20. It affects the processing of the 'curl' component in the file '/application/pay/controller/Index.php' and can lead to server-side request forgery (SSRF): an attacker can cause the server to send unauthorized requests, potentially gaining unauthorized access to sensitive data or internal resources. The vulnerability can be exploited remotely. Users and administrators should review their systems and implement the necessary security measures.
Affected Version(s)
BoyunCMS 1.4.0
BoyunCMS 1.4.1
BoyunCMS 1.4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved