Lucene search
K

61 matches found

OSV
OSV
added 2021/08/03 6:15 p.m.16 views

CVE-2021-36654

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter tgo while updating the theme...

5.4CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2021/08/03 6:15 p.m.14 views

Cross site scripting

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter tgo while updating the theme...

3.5CVSS5.1AI score0.01936EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2021/08/03 5:47 p.m.99 views

CVE-2021-36654

CMSuno 1.7 (and earlier) is affected by an authenticated stored cross-site scripting (XSS) vulnerability. The flaw occurs in the theme update flow when the attacker can modify the filename parameter (tgo) during a template image name submission, injecting payloads via the tgo parameter to trigger...

5.4CVSS5.1AI score0.01936EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2021/08/03 5:47 p.m.17 views

CVE-2021-36654

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter tgo while updating the theme...

5.4AI score0.01936EPSS
Exploits4References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

CMSUno 跨站脚本漏洞

CMSUno is a tool for creating single-page responsive websites by the French individual developer Jacques Malgrange. A cross-site scripting vulnerability exists in CMSuno version 1.7, which can be exploited by an authenticated attacker by modifying the filename parameter tgo...

5.4CVSS5.5AI score0.01936EPSS
Exploits4References5
Packet Storm
Packet Storm
added 2021/01/28 12:0 a.m.164 views

CMSUno 1.6.2 Remote Code Execution

!/usr/bin/env ruby Exploit Title: CMSUno 1.6.1 = 1.6.2 - Remote Code Execution Authenticated Google Dorks: inurl:uno/central.php inurl:uno/config.php inurl:uno.php intitle:"CMSUno - Login" Author: noraj Alexandre ZANNI for SEC-IT https://secit.fr Author website: https://pwn.by/noraj/ Date:...

6.5CVSS0.1AI score0.09852EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.366 views

CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)

Exploit Title: CMSUno 1.6.2 - 'lang/user' Remote Code Execution Authenticated Google Dorks: inurl:uno/central.php inurl:uno/config.php inurl:uno.php intitle:"CMSUno - Login" Exploit Author: noraj Alexandre ZANNI for SEC-IT https://secit.fr https://www.exploit-db.com/?author=10066 Vendor Homepage:...

8.8CVSS8.7AI score0.09852EPSS
Exploits4
CNVD
CNVD
added 2020/11/16 12:0 a.m.1 views

CMSuno Code Injection Vulnerability

CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. The vulnerability can be exploited to inject malicious PHP code as a "username" when changing a username and password, which can be used to run commands on the server...

8.8CVSS7.7AI score0.09852EPSS
Exploits3References1
CNVD
CNVD
added 2020/11/16 12:0 a.m.5 views

CMSuno Code Injection Vulnerability (CNVD-2020-63993)

CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. This vulnerability can be exploited to inject malicious code into the "lang" parameter of /uno/central.php and run this PHP code in a web page to take over control of...

8.8CVSS7.6AI score0.09852EPSS
Exploits3References1
OSV
OSV
added 2020/11/13 4:15 p.m.24 views

CVE-2020-25557

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server...

8.8CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2020/11/13 4:15 p.m.30 views

CVE-2020-25557

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server...

8.8CVSS8.7AI score0.09852EPSS
Exploits3References2
OSV
OSV
added 2020/11/13 4:15 p.m.15 views

CVE-2020-25538

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...

8.8CVSS7AI score
Exploits0References2
NVD
NVD
added 2020/11/13 4:15 p.m.20 views

CVE-2020-25538

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...

8.8CVSS8.8AI score0.09852EPSS
Exploits3References2
Prion
Prion
added 2020/11/13 4:15 p.m.21 views

Design/Logic Flaw

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server...

6.5CVSS8.7AI score0.09852EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2020/11/13 4:15 p.m.22 views

Design/Logic Flaw

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...

6.5CVSS8.7AI score0.09852EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2020/11/13 3:25 p.m.32 views

CVE-2020-25557

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server...

8.8AI score0.09852EPSS
Exploits3References2
CVE
CVE
added 2020/11/13 3:25 p.m.121 views

CVE-2020-25557

CMSUno 1.6.2 is affected by a code-injection vulnerability where an attacker can inject PHP code via the username field while changing their username/password. When the attacker logs in, the injected code executes, enabling an authenticated user to run commands on the server. Public advisories (e...

8.8CVSS8.7AI score0.09852EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2020/11/13 3:20 p.m.25 views

CVE-2020-25538

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...

8.8AI score0.09852EPSS
Exploits3References2
CVE
CVE
added 2020/11/13 3:20 p.m.100 views

CVE-2020-25538

CMSUno 1.6.2 contains CVE-2020-25538: an authenticated attacker can inject malicious code into the lang parameter of /uno/central.php, causing PHP code execution in the web page and potentially taking over the server. This is a documented remote code execution vulnerability affecting CMSUno 1.6.2...

8.8CVSS8.7AI score0.09852EPSS
Exploits3References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/11/13 12:0 a.m.33 views

CVE-2020-25557

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a “username” while changing his/her username & password. After that, when attacker logs in to the application, attacker’s code will be run. As a result of this vulnerability, authenticated user can run command on the server. Recent...

8.8CVSS3.3AI score0.09852EPSS
Exploits3References4
Rows per page
Query Builder