Vulnerability Report

CVE-2020-2553: Command Injection in CMS Uno, a CMS Server

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

1.1        Vulnerability Summary

An authenticated attacker can inject PHP code through the "lang" parameter handled by the /uno/central.php file in CMS Uno 1.6.2, and the injected code is executed by the web application. Because that PHP code can in turn run operating-system commands, the attacker can take control of the server.

While reading the source of /uno/central.php, Fatih Çelik of Bilishim, Turkey, realized that the code on this page is imported into the uno.php page, so an attacker who can control that code can execute it on the server. He found that by sending a specially crafted POST request to config.php with an OS command embedded in the "lang" parameter, he could perform OS command injection. He sent a Netcat command in this way and was able to establish a reverse shell.
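The include chain described above, as an added illustration that is not CMS Uno's own code: a hypothetical settings writer that pastes the request's "lang" value straight into PHP source which is later included, shown next to a hardened version. The function names, the temporary file, the allowlist of languages and the sample payload are all constructed for this example.

```php
<?php
// Added illustration, not code from CMS Uno: a settings writer that
// interpolates a request parameter into PHP source that is later included.
// Function names, the temp file, the allowlist and the payload are constructed.

// Vulnerable: the raw "lang" value is pasted into a PHP string literal, so a
// single quote in the value closes the literal and whatever follows is
// executed as PHP when the generated file is included.
function write_settings_vulnerable(string $path, string $lang): void
{
    $src = "<?php\n\$config['lang'] = '" . $lang . "';\n";
    file_put_contents($path, $src);
}

// Hardened: validate against the set of installed language codes first,
// then serialize with var_export so the value can never leave the literal
// even if the allowlist is widened later.
function write_settings_hardened(string $path, string $lang, array $allowed): void
{
    if (!in_array($lang, $allowed, true)) {
        throw new InvalidArgumentException("unsupported language code: $lang");
    }
    $src = "<?php\n\$config['lang'] = " . var_export($lang, true) . ";\n";
    file_put_contents($path, $src);
}

// Stands in for the page that imports the generated settings file.
function load_settings(string $path): array
{
    $config = [];
    include $path;   // the generated file assigns into $config
    return $config;
}

// Constructed attacker value for "lang": closes the literal, runs a statement,
// and comments out the rest of the line. A real attacker would call system().
$payload = "en'; echo 'INJECTED'; //";
$allowed = ['en', 'tr', 'de'];          // hypothetical installed languages
$tmp = tempnam(sys_get_temp_dir(), 'cfg');

write_settings_vulnerable($tmp, $payload);
ob_start();
$cfg = load_settings($tmp);             // the injected echo runs here
$captured = ob_get_clean();
printf("vulnerable: lang=%s, output produced during include=%s\n",
       var_export($cfg['lang'], true), var_export($captured, true));

try {
    write_settings_hardened($tmp, $payload, $allowed);
} catch (InvalidArgumentException $e) {
    echo "hardened: rejected (" . $e->getMessage() . ")\n";
}

write_settings_hardened($tmp, 'tr', $allowed);
$cfg = load_settings($tmp);
printf("hardened: lang=%s\n", var_export($cfg['lang'], true));

unlink($tmp);
```

Run it with the php command-line interpreter. The vulnerable path shows the injected statement executing at include time, which is the same write-then-import chain the report describes; the allowlist is the control that matters, and var_export is a second layer so that a quote in the value can never terminate the literal.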


1.2        CVSS Score

The CVSS Base Score is 8.8 (High). This matches the profile described above: reachable over the network, low attack complexity, requiring a low-privileged login and no user interaction, with full impact on confidentiality, integrity and availability (CVSS:3.x AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

1.3        Affected Version

CMS Uno v1.6.2 is affected.

1.4        Vulnerability Attribution

Fatih Çelik of Bilishim, Turkey

1.5        Risk Impact

CMS Uno is regarded as a very fast CMS with many plugins, and it is popular on Azure. It is particularly suited to building websites that are accessed on touch screens; sites built on it are easy to navigate and use, and plugins can be configured to make themes and sites highly effective. As a result, CMS Uno has a good-sized installed base. With this vulnerability, an attacker who holds valid credentials can run arbitrary code on the remote endpoint, so the practical exposure of an installation depends on the strength of its logins and on whether the /uno/ pages are reachable from untrusted networks. Fatih Çelik has published a public exploit.

1.6        Virsec Security Platform (VSP) Support

Virsec Security Platform (VSP) Web reliably detects command injection attacks and protects its customers against this type of attack.

1.7        Reference Links
