Submeter #718481: EyouCMS 1.7.7 Deserializationinformação

TítuloEyouCMS 1.7.7 Deserialization
DescriçãoEyouCMS ≤1.7.7 contains a PHP Object Injection vulnerability in the arcpagelist functionality. The application uses native unserialize() function on data from the ey_arcmulti database table without class restriction. Combined with ThinkPHP 5.0.24 gadget chains, this can lead to Remote Code Execution or arbitrary file deletion. Exploitation requires the ability to write to the database through SQL injection or other means.
Fonte⚠️ https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh
Utilizador
 pemic (UID 93604)
Submissão18/12/2025 08h34 (há 6 meses)
Moderação30/12/2025 19h46 (12 days later)
EstadoAceite
Entrada VulDB339083 [EyouCMS até 1.7.7 arcpagelist Ajax.php unserialize attstr Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!