4 matches found
CVE-2021-40889
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in webroot/uno/central.php file calls to fileputcontents function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into...
CMSuno Code Injection Vulnerability (CNVD-2020-63993)
CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. This vulnerability can be exploited to inject malicious code into the "lang" parameter of /uno/central.php and run this PHP code in a web page to take over control of...
CVE-2020-25538
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...
CVE-2020-25538
An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. Recent assessments: noraj at May 08, 2021 7:39pm UTC reported: Be careful it...