Primary

Context

MuYuCMS Code Injection Vulnerability in Template Management Component

Vulnerability

A code injection vulnerability has been identified in MuYuCMS versions through 2.7, specifically within the Template Management component's admin.php file. This vulnerability allows remote attackers to inject malicious code, which can then be executed on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where MuYuCMS is installed.

Reproduction

To reproduce this vulnerability, log into the MuYuCMS admin panel and navigate to the Template Management section. Click on the template list, then select the option for online editing. Once in the editor, create a new PHP file and write a simple PHP script, such as one that displays PHP information. After saving the file, it can be accessed and executed, demonstrating the code injection vulnerability.

Added: Sep 26, 2025, 2:21 AM

Updated: Sep 26, 2025, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

0.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

0.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MuYuCMS Code Injection Vulnerability in Template Management Component

Vulnerability

Impact

Reproduction

Affected Products

MuYuCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating