Description
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sunian19.github.io/2020/09/08/UCMS%20v.1.4.8%20Command%20execution/
Scores
CVSS v3
9.8
EPSS
0.4412
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
ucms_project/ucms
1.4.8
Published
Oct 23, 2020
Tracked Since
Feb 18, 2026