2 matches found
CMSUno Remote Code Execution (CVE-2021-40889)
A remote code execution vulnerability exists in CMSUno. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-40889
CMSUno 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in {webroot}/uno/central.php writes the username to password.php via file_put_contents() after a password change, allowing an attacker to inject PHP code into password.php and trigger code execution through login...