Remote Code Execution in CMSUno 1.6.2

November 14, 2020

Overview :

Affected Product(s) :

Vulnerability Details :

CVE ID :	CVE-2020-25538
	An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

Solution :

Unfixed on referenced version, please check again in product site of latest updates.