Alex T⚜️
 ·   ·  3 posts
  •  ·  183 friends

Security Advisory: Critical Vulnerability in UNA CMS Versions Prior to 14.0.0-RC5

We have identified and resolved a critical security vulnerability affecting UNA CMS versions prior to 14.0.0-RC5. This vulnerability could allow unauthorized remote code execution under certain conditions.

We strongly urge all UNA site owners to upgrade immediately to the latest stable release, UNA 14.0.0, to ensure your site remains secure.

Who Is Affected

• All installations running UNA CMS versions earlier than 14.0.0-RC5

Recommended Action

• Update to UNA 14.0.0 as soon as possible.

• If you are unable to upgrade right away, please contact us directly at team@unacms.com — we will provide a list of necessary changes to secure your site.

Signs of Potential CompromiseIf your site was compromised, you may notice one or more of the following:

• Suspicious code inserted at the beginning or end of inc/header.inc.php

• Unexpected PHP files inside the /cache_public/ directory

• Unusual or modified cron jobs running under the web server user

• High CPU usage without an apparent cause

If you suspect a compromise, we recommend:

• Restoring your site from a backup taken prior to the intrusion

• Contacting your hosting provider for assistance

UNA Cloud Customers

All sites hosted on UNA Cloud infrastructure have already been patched.

This advisory does not cover self-hosted deployments — those must be updated manually.

We take security very seriously and appreciate the community’s vigilance in keeping UNA secure.

For any questions or assistance, please reach out to our support team.

😲 2
  • View
    272
  • Repost
    1
  • More