Dear @boiteasite,
I found a security problem can lead to remote code execution in CMSUno version 1.7.2
Description:
sauvePass action in {webroot}/uno/central.php file call to file_put_contents() function to write username to password.php file when user successfully changed password, Becase of filter without ' , " , ; , (), ... the attacker can inject malicious php code into password.php
PoC:
When submit username and password, php code will be executed
Dear @boiteasite, I found a security problem can lead to remote code execution in CMSUno version 1.7.2
Description:
sauvePass
action in{webroot}/uno/central.php
file call tofile_put_contents()
function to write username topassword.php
file when user successfully changed password, Becase of filter without' , " , ; , (), ...
the attacker can inject malicious php code into password.phpPoC:
When submit username and password, php code will be executed