An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HUcms Project Ucms
APPUcms Project1.4.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2022-38297CRITICAL9.8ten sam produkt
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
CVE-2022-35426CRITICAL9.8ten sam produkt
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
CVE-2022-28443CRITICAL9.1ten sam produkt
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.
CVE-2020-25537CRITICAL9.8ten sam produkt
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to o...
CVE-2018-17035CRITICAL9.8ten sam produkt
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.