3 matches found
UCMS Project Command Injection (CVE-2020-25483)
A command Injection vulnerability exists in UCMS Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-25483
creationtimestamp| type| source ---|---|--- 2020-10-23 22:54:02+00:00| seen| https://t.me/cibsecurity/15561...
CVE-2020-25483
UCMS v1.4.8 contains an arbitrary command execution vulnerability in the fopen() function used for file writes. The issue stems from UCMS’s handling of file writes, enabling an attacker to gain access to the server. Public references from NVD, Red Hat, CNVD and others corroborate the vulnerabilit...