| Title | EyouCMS 1.7.7 Deserialization |
|---|---|
| Description | EyouCMS ≤1.7.7 contains a PHP Object Injection vulnerability in the arcpagelist functionality. The application uses the native unserialize() function on data from the ey_arcmulti database table without class restriction. Combined with ThinkPHP 5.0.24 gadget chains, this can lead to Remote Code Execution or arbitrary file deletion. Exploitation requires the ability to write to the database through SQL injection or other means. |
| Source | ⚠️ https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh |
| User | pemic (UID 93604) |
| Submission | 2025-12-18 08:34 AM (6 months ago) |
| Moderation | 2025-12-30 07:46 PM (12 days later) |
| Status | Accepted |
| VulDB entry | 339083 [EyouCMS up to 1.7.7 arcpagelist Ajax.php unserialize attstr privilege escalation] |
| Points | 20 |