CRITICAL🇵🇱 Wersja polska

CVE-2020-25537

CVSS 9.8v3.1pub. 2020-11-30upd. 2024-11-21

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ucms Project Ucms

    APP
    Ucms Project
    1.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-38297CRITICAL9.8ten sam produkt

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

CVE-2022-35426CRITICAL9.8ten sam produkt

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.

CVE-2022-28443CRITICAL9.1ten sam produkt

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.

CVE-2020-25483CRITICAL9.8ten sam produkt

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, whe...

CVE-2018-17035CRITICAL9.8ten sam produkt

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.