Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CMSUno 代码注入漏洞
Vulnerability Description
CMSUno是法国Jacques Malgrange个人开发者的一款用于创建单页响应式网站的工具。 CMSUno 1.7.2版本存在安全漏洞,该漏洞源于软件受到PHP代码执行漏洞的影响。当用户成功修改密码时,调用file_put_contents()函数在password.php文件中写入用户名。攻击者可利用该漏洞可以在password.php中注入恶意PHP代码,然后使用登录功能执行代码。
CVSS Information
N/A
Vulnerability Type
N/A