CVE-2025-7099
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boyuncms_project | boyuncms | to 1.21 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7099 is a critical vulnerability in BoyunCMS versions up to 1.21, specifically in the installation handler file install/install2.php. It involves unsafe deserialization caused by manipulation of the db_host argument during installation. An attacker can remotely specify an arbitrary MySQL server, potentially connecting the CMS installation to a malicious server they control. In PHP versions up to 7.1, this can be further exploited using the MySQL LOCAL INFILE feature to read arbitrary files from the client system, which may lead to information disclosure and trigger unsafe unserialize operations, possibly resulting in remote code execution or arbitrary file download. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to connect your BoyunCMS installation to a malicious MySQL server, potentially leading to unauthorized access to sensitive data. For PHP versions up to 7.1, the attacker can read arbitrary files from your system, causing information disclosure. Additionally, the unsafe deserialization can compromise the confidentiality, integrity, and availability of your system, possibly enabling remote code execution or arbitrary file downloads. The attack requires no authentication but is considered difficult to exploit. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable installation script install/install2.php in BoyunCMS versions up to 1.21. One detection method is to use Google dorking with queries such as 'inurl:install/install2.php' to identify exposed installation endpoints. On your system or network, you can scan for HTTP endpoints serving this script. Additionally, monitoring for suspicious POST requests to /install/install2.php with parameters like db_create=1 and attacker-controlled db_host values may indicate exploitation attempts. Example commands include using curl to send crafted POST requests to test the endpoint or using network monitoring tools to detect such requests. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or removing the install/install2.php script from the BoyunCMS installation to prevent remote exploitation. Since no known countermeasures or patches are published, it is recommended to replace the affected BoyunCMS version with an alternative or updated solution that is not vulnerable. Additionally, restricting access to the installation directory via firewall rules or web server configuration can reduce exposure. Monitoring and blocking suspicious requests targeting the installation handler is also advised. [2]