PT-2025-28094 · Boyuncms · Boyuncms

Yeleipeng · Published 2025-07-06 · Updated 2025-09-15 · CVE-2025-7099

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.21
Description: A critical issue has been found in the Installation Handler component, specifically in the file install/install2.php. The manipulation of the db host argument leads to deserialization. This issue can be exploited remotely, but the complexity of an attack is rather high, making exploitation difficult.
Recommendations: Update BoyunCMS from versions up to 1.21 to a version that fixes this issue in the Installation Handler component.

Exploit

Fix

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-7099

Affected Products

Boyuncms