Vulnerabilities > Ucms Project > Ucms > 1.4.8

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2020-25483 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.4.8
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
network
low complexity
ucms-project CWE-434
critical
 9.8
9.8
2020-09-04 CVE-2020-24981 Unspecified vulnerability in Ucms Project Ucms 1.4.8
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8.
network
low complexity
ucms-project
5.3
5.3