An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
{ "cpe": "cpe:2.3:a:cmsuno_project:cmsuno:1.6.2:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "1.6.2" }, { "last_affected": "1.6.2" } ], "source": "CPE_STRING" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25538.json"