Cmsuno Project

cmsuno_project

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-40889 1Cmsuno Project 1Cmsuno Nov 21, 2024 Oct 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successf...Show more CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.Show less
CVE-2021-36654 1Cmsuno Project 1Cmsuno Nov 21, 2024 Aug 3, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
CVE-2020-25557 1Cmsuno Project 1Cmsuno Nov 21, 2024 Nov 13, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of thi...Show more In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.Show less
CVE-2020-25538 1Cmsuno Project 1Cmsuno Nov 21, 2024 Nov 13, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
CVE-2020-15600 1Cmsuno Project 1Cmsuno Nov 21, 2024 Jul 7, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2018-15567 1Cmsuno Project 1Cmsuno Nov 21, 2024 Aug 20, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 CMSUno before 1.5.3 has XSS via the title field.