彙總 cmsuno_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本與CSRF,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-40889 | CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code. | [email protected] | 9.8 | 1.79% | 2021-10-11 | 2024-11-21 |
| CVE-2021-36654 | CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. | [email protected] | 5.4 | 1.94% | 2021-08-03 | 2024-11-21 |
| CVE-2020-25557 | In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server. | [email protected] | 8.8 | 9.85% | 2020-11-13 | 2024-11-21 |
| CVE-2020-25538 | An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. | [email protected] | 8.8 | 9.85% | 2020-11-13 | 2024-11-21 |
| CVE-2020-15600 | An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. | [email protected] | 6.5 | 1.90% | 2020-07-07 | 2024-11-21 |
| CVE-2018-15567 | CMSUno before 1.5.3 has XSS via the title field. | [email protected] | 6.1 | 0.67% | 2018-08-20 | 2024-11-21 |