Vulnerabilities
Vulnerable Software
Cmsuno Project:  >> Cmsuno  >> 1.6.2  Security Vulnerabilities
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
CVSS Score
8.8
EPSS Score
0.045
Published
2020-11-13
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.
CVSS Score
8.8
EPSS Score
0.06
Published
2020-11-13


Contact Us

Shodan ® - All rights reserved