CNNVD-202512-458 Information

CNNVD ID

CNNVD-202512-458

CVE-2025-66571

  • CNNVD Published: 2025-12-04

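Description (translated from Chinese)

UNA is a full-stack software platform from the UNA company for building custom community websites, social networks and collaboration hubs. UNA versions 9.0.0-RC1 through 14.0.0-RC4 contain a code issue vulnerability. It stems from improper deserialization handling of the profile_id parameter in BxBaseMenuSetAclLevel.php and may lead to PHP object injection and arbitrary code execution.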

Description (English)

UNA is a full-stack software platform for building custom community websites, social networks and collaboration hubs. UNA 9.0.0-RC1 through 14.0.0-RC4 has a code issue vulnerability caused by BxBaseMenuSetAclLevel.php improperly deserializing the profile_id parameter, which may lead to PHP object injection and arbitrary code execution.

Hazard Level

Low

Vulnerability Type

Code Issue

Affected Vendor

UNA

Published

2025-12-04

Last Modified

2026-02-24

References

  • https://github.com/unacms/una
  • https://karmainsecurity.com/KIS-2025-01
  • https://unacms.com
  • https://www.exploit-db.com/exploits/52139
  • https://www.vulncheck.com/advisories/una-cms-900-rc1-1400-rc4-php-object-injection
