An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25483
Reference (s):
- https://sunian19.github.io/2020/09/08/UCMS%20v.1.4.8%20Command%20execution/