PT-2025-49139

Name of the Vulnerable Software and Affected Versions UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 Description The software contains a PHP object injection issue in the BxBaseMenuSetAclLevel.php component. The profile id POST parameter is passed to the PHP unserialize function without sufficient...

UNA CMS 14.0.0-RC - PHP Object Injection

Exploit Title: UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link.......: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...