High severity8.8NVD Advisory· Published Nov 13, 2020· Updated Jun 17, 2026
CVE-2020-25557
CVE-2020-25557
Description
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CMSuno/CMSunodescription
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/161162/CMSUno-1.6.2-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- fatihhcelik.blogspot.com/2020/09/cmsuno-162-remote-code-execution.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.