Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2021/10/11 10:15 a.m.3 views

CVE-2021-40889

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in webroot/uno/central.php file calls to fileputcontents function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into...

9.8CVSS7.8AI score0.01788EPSS
Exploits1References2
CNVD
CNVD
added 2020/11/16 12:0 a.m.7 views

CMSuno Code Injection Vulnerability (CNVD-2020-63993)

CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. This vulnerability can be exploited to inject malicious code into the "lang" parameter of /uno/central.php and run this PHP code in a web page to take over control of...

8.8CVSS7.6AI score0.09852EPSS
Exploits3References1
OSV
OSV
added 2020/11/13 4:15 p.m.15 views

CVE-2020-25538

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...

8.8CVSS7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/11/13 12:0 a.m.48 views

CVE-2020-25538

An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. Recent assessments: noraj at May 08, 2021 7:39pm UTC reported: Be careful it...

8.8CVSS3AI score0.09852EPSS
Exploits3References4
Rows per page
Query Builder