CVE-2025-7100

Severity CVSS v4.0:
MEDIUM
Type:
CWE-284 Improper Access Control
Publication date:
07/07/2025
Last modified:
08/07/2025

Description

A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.