Vulnerabilities

CVE-2020-25538

by Fred · 13/11/2020

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

Date published : 2020-11-13

http://packetstormsecurity.com/files/161162/CMSUno-1.6.2-Remote-Code-Execution.html

https://fatihhcelik.blogspot.com/2020/09/cmsuno-162-remote-code-execution_30.html

Similar

Tags: Cybersecurity Alert