Ucms
CVE-2020-25483
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
AnalysisAI
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Affected products include: Ucms Project Ucms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical seve
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain serv
An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severi
There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), t
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. R
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. Rated hi
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileed
UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no aut
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash]
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superu
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today