CVE-2025-7101
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boyuncms_project | boyuncms | From 1.4 (inc) to 1.4.20 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7101 is a critical remote code execution vulnerability in BoyunCMS versions up to 1.4.20. It occurs in the file /install/install_ok.php where the database password (db_pass) parameter is not properly sanitized. An attacker can inject malicious PHP code into the db_pass field during the installation process. This injected code is then saved into the configuration file (application/database.php) and executed on subsequent requests, allowing the attacker to execute arbitrary code on the server remotely and gain full control. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to full server compromise by allowing an attacker to execute arbitrary PHP code remotely. The attacker can gain unauthorized access, manipulate or destroy data, disrupt service availability, and potentially use the compromised server to launch further attacks. It impacts the confidentiality, integrity, and availability of the affected system. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable installation script at /install/install_ok.php and by searching for signs of malicious code injection in the configuration file application/database.php. One method to identify potentially vulnerable targets is using Google dorking with the query: inurl:install/install_ok.php. Additionally, monitoring HTTP POST requests to /install/install_ok.php with suspicious parameters such as db_pass containing PHP code injection payloads can help detect exploitation attempts. There are no specific commands provided, but network monitoring for POST requests to the installation endpoint and file integrity checks on application/database.php are recommended. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of BoyunCMS versions up to 1.4.20 and replacing the affected product with an alternative, as no known countermeasures or patches have been documented. Restricting access to the /install/install_ok.php script, for example by removing or disabling the installation directory after setup, can reduce exposure. Monitoring and blocking suspicious POST requests to the installation endpoint may also help. Since the vulnerability allows remote code execution via the db_pass parameter, preventing unauthorized access to the installation process is critical. [2]
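The detection and mitigation answers above name three checks: requests reaching /install/install_ok.php, whether the installer is still deployed, and the integrity of application/database.php. The Python below is an added example, not BaseFortify or BoyunCMS code; it assumes combined-format access logs and a SHA-256 baseline of the config file recorded after a trusted install, and its function names and sample log lines are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import unquote

INSTALLER = "/install/install_ok.php"   # endpoint named in the advisory
CONFIG = "application/database.php"     # file the advisory says receives db_pass

# Assumption: the web server writes Apache/nginx "combined" access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def installer_requests(lines):
    """Return one dict per logged request that targeted the installer endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %xx, collapse repeated slashes, fold case.
        path = re.sub(r"/{2,}", "/", unquote(m["target"].split("?", 1)[0])).lower()
        if not path.endswith(INSTALLER):
            continue
        accepted = m["method"] == "POST" and m["status"][0] in "23"
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "status": int(m["status"]), "severity": "investigate" if accepted else "probe"})
    return hits

def host_findings(webroot, baseline_sha256):
    """Host-side checks: is the installer still deployed, did the config change?"""
    root, findings = Path(webroot), []
    if (root / INSTALLER.lstrip("/")).is_file():
        findings.append("installer still present")
    cfg = root / CONFIG
    if cfg.is_file() and hashlib.sha256(cfg.read_bytes()).hexdigest() != baseline_sha256:
        findings.append("config differs from baseline")
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Jul/2025:10:01:12 +0000] "GET /install/install_ok.php HTTP/1.1" 404 153 "-" "curl/8.5"',
    '198.51.100.7 - - [07/Jul/2025:10:01:15 +0000] "POST //install/Install_OK.php HTTP/1.1" 200 512 "-" "curl/8.5"',
    '203.0.113.9 - - [07/Jul/2025:10:02:00 +0000] "GET /index.php?page=install HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*installer_requests(SAMPLE_LOG), sep="\n")
```

Access logs normally omit POST bodies, so a hit marked "investigate" means the installer accepted a POST, not that db_pass carried code; confirm with the config comparison from host_findings.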