Lucene search

CVE-2020-25538

🗓️ 13 Nov 2020 00:00:00Reported by AttackerKBType

CMSuno 1.6.2 allows authenticated attacker to inject malicious code via 'lang' parameter in central.php, leading to server takeover

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2020-25538	13 Nov 202016:15	–	nvd
Cvelist	CVE-2020-25538	13 Nov 202015:20	–	cvelist
CVE	CVE-2020-25538	13 Nov 202016:15	–	cve
OSV	CVE-2020-25538	13 Nov 202016:15	–	osv
Prion	Design/Logic Flaw	13 Nov 202016:15	–	prion
Packet Storm	CMSUno 1.6.2 Remote Code Execution	28 Jan 202100:00	–	packetstorm
Exploit DB	CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)	28 Jan 202100:00	–	exploitdb

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
github	www.github.com/sec-it/CMSUno-RCE
fatihhcelik	www.fatihhcelik.blogspot.com/2020/09/cmsuno-162-remote-code-execution_30.html
packetstormsecurity	www.packetstormsecurity.com/files/161162/CMSUno-1.6.2-Remote-Code-Execution.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Nov 2020 00:00Current

3Low risk

Vulners AI Score3

EPSS0.04517