Cmsuno Security Vulnerabilities and Issues — Cmsuno CVE List

Lucene search

Cmsuno ProjectCmsuno

6 matches found

CVE•added 2020/11/13 4:15 p.m.•106 views

CVE-2020-25557

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.

8.8CVSS8.7AI score0.06009EPSS

CVE•added 2020/11/13 4:15 p.m.•89 views

CVE-2020-25538

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

8.8CVSS8.7AI score0.04517EPSS

CVE•added 2021/08/03 6:15 p.m.•82 views

CVE-2021-36654

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.

5.4CVSS5.1AI score0.02602EPSS

CVE•added 2020/07/07 10:15 p.m.•57 views

CVE-2020-15600

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

6.5CVSS6.4AI score0.00124EPSS

CVE•added 2021/10/11 10:15 a.m.•29 views

CVE-2021-40889

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into pa...

9.8CVSS9.7AI score0.01119EPSS

CVE•added 2018/08/20 1:29 a.m.•25 views

CVE-2018-15567

CMSUno before 1.5.3 has XSS via the title field.

6.1CVSS5.9AI score0.0024EPSS