boiteasite/cmsuno

boiteasite/cmsuno

Releases51

Frequency2 months 4 days

Last Release almost 2 years ago

Stars28

An easy and clever tool to create one-page responsive websites

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-40889 ↗	Oct 11, 2021Monday, 11 October 2021, 10:15	9.8 CRITICAL	7.5 HIGH
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.
CVE-2021-36654 ↗	Aug 3, 2021Tuesday, 3 August 2021, 18:15	5.4 MEDIUM	3.5 LOW
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
CVE-2020-15600 ↗	Jul 7, 2020Tuesday, 7 July 2020, 22:15	6.5 MEDIUM	4.3 MEDIUM
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2018-15567 ↗	Aug 20, 2018Monday, 20 August 2018, 01:29	—	4.3 MEDIUM
CMSUno before 1.5.3 has XSS via the title field.