Home / Early Warning / Vulnerabilidades / CVE-2020-25483

CVE-2020-25483

Type: 
Command Injection
Severity: 
High
Publication date: 
10/23/2020
Last modified: 
11/02/2020
Description
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:ucms_project:ucms:1.4.8:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields