Cmsuno Project / Cmsuno

6 matches found

Added 2020/11/13 3:25 p.m. | 120 views

CVE-2020-25557

CMSUno 1.6.2 is affected by a code-injection vulnerability where an attacker can inject PHP code via the username field while changing their username/password. When the attacker logs in, the injected code executes, enabling an authenticated user to run commands on the server. Public advisories (e...

CVSS 8.8 | AI score 8.7 | EPSS 0.09852
Web
Added 2020/11/13 3:20 p.m. | 100 views

CVE-2020-25538

CMSUno 1.6.2 contains CVE-2020-25538: an authenticated attacker can inject malicious code into the lang parameter of /uno/central.php, causing PHP code execution in the web page and potentially taking over the server. This is a documented remote code execution vulnerability affecting CMSUno 1.6.2...

CVSS 8.8 | AI score 8.7 | EPSS 0.09852
Web
Added 2021/08/03 5:47 p.m. | 98 views

CVE-2021-36654

CMSuno 1.7 (and earlier) is affected by an authenticated stored cross-site scripting (XSS) vulnerability. The flaw occurs in the theme update flow when the attacker can modify the filename parameter (tgo) during a template image name submission, injecting payloads via the tgo parameter to trigger...

CVSS 5.4 | AI score 5.1 | EPSS 0.01936
Web
Added 2020/07/07 9:17 p.m. | 72 views

CVE-2020-15600

CVE-2020-15600 affects CMSUno versions prior to 1.6.1. The vulnerability is a cross-site request forgery in uno.php that allows an attacker to change the admin password. Several connected sources corroborate the issue and point to exposure in CMSUno before 1.6.1, with PoC examples and references ...

CVSS 6.5 | AI score 6.4 | EPSS 0.01899
Web
Added 2021/10/11 9:56 a.m. | 43 views

CVE-2021-40889

CMSUno 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in {webroot}/uno/central.php writes the username to password.php via file_put_contents() after a password change, allowing an attacker to inject PHP code into password.php and trigger code execution through login...

CVSS 9.8 | AI score 9.7 | EPSS 0.01788
Web
Added 2018/08/20 1:0 a.m. | 37 views

CVE-2018-15567

CMSUno before 1.5.3 is vulnerable to a cross-site scripting (XSS) issue in the title field. The vulnerability is described as XSS via the title field, affecting versions prior to 1.5.3. Exploitation details, impacted components beyond the title field, and remediation steps are not provided in the...

CVSS 6.1 | AI score 5.9 | EPSS 0.00672