CVE-2020-25483

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0070%

EPSS Percentile32.93th

Published2020年10月23日

Last Modified2024年11月21日

Vulnerability Description

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

Affected Platforms (CPE)

📦

Ucms Project

Ucms

= 1.4.8

References & Advisories

🔗 https://sunian19.github.io/2020/09/08/UCMS%20v.1.4.8%20Command%20execution/

相关漏洞威胁

CVE-2020-57579.8

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated r...

CVE-2018-170359.8

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

CVE-2018-170369.8

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to ...

CVE-2020-255379.8

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server managem...