Skip to main content

Cmsuno

6 CVEs product

Monthly

CVE-2021-40889 CRITICAL POC Act Now

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Cmsuno
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-36654 MEDIUM POC This Month

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsuno
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-25557 HIGH POC This Week

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cmsuno
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-25538 HIGH POC This Week

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cmsuno
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-15600 MEDIUM POC This Month

An issue was discovered in CMSUno before 1.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cmsuno
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.9%
CVE-2018-15567 MEDIUM This Month

CMSUno before 1.5.3 has XSS via the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cmsuno
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC This Month

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsuno
NVD GitHub Exploit-DB
EPSS 10% CVSS 8.8
HIGH POC This Week

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD Exploit-DB
EPSS 10% CVSS 8.8
HIGH POC This Week

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in CMSUno before 1.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cmsuno
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

CMSUno before 1.5.3 has XSS via the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cmsuno
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy