Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-25483 PoC — UCMS 命令注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/UCMS%20%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%20CVE-2020-25483.md
Associated Vulnerability
Title:UCMS 命令注入漏洞 (CVE-2020-25483)
Description:UCMS是一套使用PHP语言编写的内容管理系统。 UCMS v1.4.8版本存在安全漏洞,该漏洞源于文件写的fopen()函数存在任意命令执行漏洞,攻击者可利用该漏洞可以通过该漏洞访问服务器。
File Snapshot

 # UCMS 文件上传漏洞 CVE-2020-25483

## 漏洞描述

UCMS v1.4.8版本存在安全漏洞,该漏洞源于文件写的fopen()函数存在任意命令执行漏洞,攻击者可利用该漏洞可以通

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.