- Description
- A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument db_host leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 6.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 5.6
- Impact score
- 3.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 5.1
- Impact score
- 6.4
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:P
- cna@vuldb.com
- CWE-20
- Hype score
- Not currently trending
CVE-2025-7099 BoyunCMS PHP7 Remote Deserialization Vulnerability in Installation Handler https://t.co/ugWZA34ARz
@VulmonFeeds
7 Jul 2025
103 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7099 A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install… https://t.co/xh8KuJRkBz
@CVEnew
6 Jul 2025
367 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes