Remote Code Execution Vulnerability in CMSuno 1.6.2 via lang Parameter Injection

CVE-2020-25538 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An authenticated attacker can inject malicious PHP code into the "lang" parameter of the /uno/central.php file in CMSuno 1.6.2 and have that code executed in the web page. In this way, the attacker can take over control of the server.