Boyuncms Project Boyuncms vulnerabilities
5 known vulnerabilities affecting boyuncms_project/boyuncms.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-7101P2CRITICALCVSS 9.8≥ 1.4, ≤ 1.4.20v1.4.0+20 more2025-07-07
CVE-2025-7101 [CRITICAL] CWE-74 CVE-2025-7101: A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the pu
nvd
CVE-2025-7100P2CRITICALCVSS 9.8≥ 1.4, ≤ 1.4.20v1.4.0+20 more2025-07-07
CVE-2025-7100 [CRITICAL] CWE-284 CVE-2025-7100: A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issu
A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-7102P3CRITICALCVSS 9.8≥ 1.4, ≤ 1.4.20v1.4.0+20 more2025-07-07
CVE-2025-7102 [CRITICAL] CWE-74 CVE-2025-7102: A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerabi
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-7103P3HIGHCVSS 7.5≥ 1.4, ≤ 1.4.20v1.4.0+20 more2025-07-07
CVE-2025-7103 [HIGH] CWE-918 CVE-2025-7103: A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affect
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-7099P3MEDIUMCVSS 5.9≤ 1.21v1.0+21 more2025-07-07
CVE-2025-7099 [MEDIUM] CWE-20 CVE-2025-7099: A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected b
A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument db_host leads to deserialization. The attack can be launched remotely. The complexity of an attack i
nvd