| Titel | EyouCMS 1.7.7 Deserialization |
|---|
| Beschreibung | EyouCMS ≤1.7.7 contains a PHP Object Injection vulnerability in the arcpagelist functionality. The application uses native unserialize() function on data from the ey_arcmulti database table without class restriction. Combined with ThinkPHP 5.0.24 gadget chains, this can lead to Remote Code Execution or arbitrary file deletion. Exploitation requires the ability to write to the database through SQL injection or other means. |
|---|
| Quelle | ⚠️ https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh |
|---|
| Benutzer | pemic (UID 93604) |
|---|
| Einreichung | 18.12.2025 08:34 (vor 6 Monaten) |
|---|
| Moderieren | 30.12.2025 19:46 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 339083 [EyouCMS bis 1.7.7 arcpagelist Ajax.php unserialize attstr erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|