Dear @boiteasite,
I found a security problem that can lead to remote code execution in CMSUno version 1.7.2.
Description:
The sauvePass action in the {webroot}/uno/central.php file calls the file_put_contents() function to write the username to the password.php file when the user has successfully changed the password. Because of a filter without ' , " , ; , (), ..., the attacker can inject malicious PHP code into password.php.
PoC:
When the username and password are submitted, the PHP code will be executed.
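
The flaw class reported above is user input concatenated into a file that is later executed as PHP. As an added example (not CMSUno's code and not part of the original report), this is one way to write such a file so the username stays data; the `$user`/`$pass` file layout, the function names and the username allow-list are assumptions.

```php
<?php
// Added example, not CMSUno code. File layout and names are assumptions.

// Allow-list check: accept only plain account names, reject everything else.
function is_valid_username(string $user): bool
{
    return preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $user) === 1;
}

// Render the credentials file. var_export() emits a correctly escaped PHP
// string literal, so the value stays data even if validation is skipped.
function render_password_file(string $user, string $hash): string
{
    return "<?php\n"
        . '$user = ' . var_export($user, true) . ";\n"
        . '$pass = ' . var_export($hash, true) . ";\n";
}

// Validate, hash, then write via a temp file and rename so a failed write
// never leaves a half-written PHP file in place.
function save_credentials(string $path, string $user, string $plain): bool
{
    if (!is_valid_username($user)) {
        return false;
    }
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $tmp = $path . '.tmp';
    $body = render_password_file($user, $hash);
    if (file_put_contents($tmp, $body, LOCK_EX) === false) {
        return false;
    }
    return rename($tmp, $path);
}

// Constructed inputs: the second contains the characters the report lists.
$path = sys_get_temp_dir() . '/password_demo.php';
$odd  = "o'brien\"; ()";
foreach (['admin', $odd] as $candidate) {
    $ok = save_credentials($path, $candidate, 'constructed-pass');
    printf("%-18s accepted=%s\n", json_encode($candidate), var_export($ok, true));
}

// Defence in depth: bypass validation on purpose and confirm the escaped
// literal loads back as the same plain string.
file_put_contents($path, render_password_file($odd, 'constructed-hash'));
include $path;
var_dump($user === $odd);
```

Storing the credentials in a non-executable format such as JSON removes the code-generation step altogether.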