RSS   Vulnerabilities for 'Cmsuno'   RSS

2021-10-11
 
CVE-2021-40889

CWE-94
 

 
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.

 
2021-08-03
 
CVE-2021-36654

CWE-79
 

 
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.

 
2020-11-13
 
CVE-2020-25538

CWE-77
 

 
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

 
2020-07-07
 
CVE-2020-15600

CWE-352
 

 
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

 
2018-08-19
 
CVE-2018-15567

CWE-79
 

 
CMSUno before 1.5.3 has XSS via the title field.

 


Copyright 2024, cxsecurity.com

 

Back to Top