CVE-2025-7102 | BoyunCMS up to 1.4.20 Server.php phone sql injection

A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection.

This vulnerability was named CVE-2025-7102. The attack can be initiated remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More