Unrated severityNVD Advisory· Published Oct 11, 2021· Updated Aug 4, 2024
CVE-2021-40889
CVE-2021-40889
Description
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CMSUno/CMSUnodescription
- Range: = 1.7.2
Patches
Vulnerability mechanics
References
1- github.com/boiteasite/cmsuno/issues/19mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.