CVE-2020-25483

high-risk
Published 2020-10-23

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

Do I need to act?

!
44.1% chance of exploitation in next 30 days
EPSS score — higher than 56% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Ucms Project

References (2)

Exploit https://sunian19.github.io/2020/09/08/UCMS%20v.1.4.8%20Command%20execution/
Exploit https://sunian19.github.io/2020/09/08/UCMS%20v.1.4.8%20Command%20execution/
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal