PHP Code Execution via change password function

Dear @boiteasite,
I found a security problem can lead to remote code execution in CMSUno version 1.7.2
# Description:
`sauvePass` action in `{webroot}/uno/central.php` file call to `file_put_contents()` function to write username to `password.php` file when user successfully changed password, Becase of filter without ` ' , " , ; , (), ...` the attacker can inject malicious php code into password.php
![image](https://i.imgur.com/8Kd6UPy.png)
# PoC:

![Image](https://i.imgur.com/yazjzDZ.png)

![image](https://user-images.githubusercontent.com/54875703/132621238-decc9add-0a35-4ebc-9443-9be06bf93bf0.png)


When submit username and password, php code will be executed
![Image](https://i.imgur.com/bJso0gx.png)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PHP Code Execution via change password function #19

Description:

PoC:

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

PHP Code Execution via change password function #19

Description

Description:

PoC:

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions