CVE-2020-25483

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0070%

EPSS Percentile32.93th

PublishedOct 23, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

Affected Platforms (CPE)

📦

Ucms Project

Ucms

= 1.4.8

References & Advisories

🔗 https://sunian19.github.io/2020/09/08/UCMS%20v.1.4.8%20Command%20execution/

Related Vulnerabilities

CVE-2020-57579.8

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated r...

CVE-2018-170359.8

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

CVE-2018-170369.8

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to ...

CVE-2020-255379.8

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server managem...