Vulnerabilities

CVE-2025-66571

by Fred · 04/12/2025

UNA CMS versions 9.0.0-RC1 – 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.

More information : https://github.com/unacms/una

Similar

Tags: Cybersecurity Alert