CRITICAL🇵🇱 Wersja polska

CVE-2020-25483

CVSS 9.8v3.1pub. 2020-10-23upd. 2024-11-21

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ucms Project Ucms

    APP
    Ucms Project
    1.4.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-38297CRITICAL9.8ten sam produkt

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

CVE-2022-35426CRITICAL9.8ten sam produkt

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.

CVE-2022-28443CRITICAL9.1ten sam produkt

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.

CVE-2020-25537CRITICAL9.8ten sam produkt

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to o...

CVE-2018-17035CRITICAL9.8ten sam produkt

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.