| عنوان | EyouCMS 1.7.7 Deserialization |
|---|
| الوصف | EyouCMS ≤1.7.7 contains a PHP Object Injection vulnerability in the arcpagelist functionality. The application uses native unserialize() function on data from the ey_arcmulti database table without class restriction. Combined with ThinkPHP 5.0.24 gadget chains, this can lead to Remote Code Execution or arbitrary file deletion. Exploitation requires the ability to write to the database through SQL injection or other means. |
|---|
| المصدر | ⚠️ https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh |
|---|
| المستخدم | pemic (UID 93604) |
|---|
| ارسال | 18/12/2025 08:34 AM (6 أشهر منذ) |
|---|
| الاعتدال | 30/12/2025 07:46 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 339083 [EyouCMS حتى 1.7.7 arcpagelist Ajax.php unserialize attstr تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|