10
CVE-2020-25537
- EPSS 0.4%
- Veröffentlicht 30.11.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 05:18:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFile upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ucms Project ≫ Ucms Version1.5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.599 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.