CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-25537

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile20.58th
Published2020年11月30日
Last Modified2024年11月21日

Vulnerability Description

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.

Affected Platforms (CPE)

📦
Ucms Project

Ucms

= 1.5.0

References & Advisories

🔗 https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md
🔗 https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/
🔗 https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md
🔗 https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/

関連する脆弱性情報

CVE-2020-57579.8

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated r...

CVE-2018-170359.8

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

CVE-2018-170369.8

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to ...

CVE-2020-254839.8

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can g...