Overview :
Remote Code Execution in CMSUno 1.6.2
Affected Product(s) :
  • Version: 1.6.2
Vulnerability Details :
CVE ID : CVE-2020-25538
An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

Solution :

Unfixed on referenced version, please check again in product site of latest updates.