File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25537
Reference (s):
- https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md
- https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/