13 Layers
SHARE

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code. (CVSS:0.0) (Last Update:2021-10-11)

13 Layers Managed Security Services