| Título | EyouCMS 1.7.7 Deserialization |
|---|
| Descripción | EyouCMS ≤1.7.7 contains a PHP Object Injection vulnerability in the arcpagelist functionality. The application uses native unserialize() function on data from the ey_arcmulti database table without class restriction. Combined with ThinkPHP 5.0.24 gadget chains, this can lead to Remote Code Execution or arbitrary file deletion. Exploitation requires the ability to write to the database through SQL injection or other means. |
|---|
| Fuente | ⚠️ https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh |
|---|
| Usuario | pemic (UID 93604) |
|---|
| Sumisión | 2025-12-18 08:34 (hace 6 meses) |
|---|
| Moderación | 2025-12-30 19:46 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 339083 [EyouCMS hasta 1.7.7 arcpagelist Ajax.php unserialize attstr escalada de privilegios] |
|---|
| Puntos | 20 |
|---|