| Title | Boyun Boyun PHPCMS <=1.4.20 arbitrary file upload |
|---|
| Description | BoYunCMS (versions ≤1.4.20) suffers from an arbitrary file upload vulnerability in the /application/user/controller/Index.php file. Due to insufficient validation in the file upload functionality, authenticated users can upload malicious files, such as web shells, via the /user/Index/upload endpoint. This flaw allows attackers to achieve remote code execution on the server, posing a critical security risk. |
|---|
| Source | ⚠️ https://note-hxlab.wetolink.com/share/KLjaD7oBzCSp |
|---|
| User | YELEIPENG (UID 73615) |
|---|
| Submission | 06/26/2025 10:57 (10 months ago) |
|---|
| Moderation | 07/05/2025 19:33 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 315014 [BoyunCMS up to 1.4.20 Index.php image unrestricted upload] |
|---|
| Points | 20 |
|---|