exploitDog

CVE-2020-25537

Опубликовано: 30 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.

Ссылки

https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md
Exploit
Third Party Advisory
https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/
Exploit
Third Party Advisory
https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md
Exploit
Third Party Advisory
https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ucms_project:ucms:1.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00398

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-vf9r-c7v2-7275

github

больше 3 лет назад

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.

EPSS

Процентиль: 60%

0.00398

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434