UCMS v1.5.0 arbitrary file upload vulnerability leading to a webshell
- Vulnerability Type :
V 1.5.0
- Reproduction environment:
Windows 10
PHP 5.4.45
Apache 2.4.39
- Vulnerability Description and reproduction:
The upload bug is very simple.
The vulnerability is in the \ucms_1.5\ucms\sadmin\file.php file, which does not verify the suffix (extension) of the uploaded file. The file is passed directly to the move_uploaded_file function.

Upload files


We can use Cknife to get a webshell

We can also execute system commands
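
The missing check described above, sketched as an added example: this is not UCMS code, and the page does not show the contents of file.php. The function names, the form field `file`, the `uploads` directory and the extension allowlist are assumptions; the code is written to run on the PHP 5.4 environment listed above and assumes the openssl extension is loaded.

```php
<?php
// Added example: a hypothetical hardened upload handler, not UCMS code.
// Assumed names: form field "file", directory "uploads", the allowlist below.

// Return a server-generated file name for the upload, or null to reject it.
function safe_upload_name($clientName)
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt']; // assumed allowlist

    // NUL bytes, ':' (NTFS alternate data streams) and trailing dots or
    // spaces (silently stripped by Windows) can disguise the real extension.
    if (preg_match('/[\x00:]|[. ]\z/', $clientName)) {
        return null;
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    // Discard the client-supplied base name: a random name removes double
    // extensions ("a.php.jpg") and path components in one step.
    return bin2hex(openssl_random_pseudo_bytes(16)) . '.' . $ext;
}

// Move one $_FILES entry into $destDir; returns the stored name or false.
function store_upload(array $file, $destDir)
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    $name = safe_upload_name($file['name']);
    if ($name === null) {
        return false;
    }
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    return move_uploaded_file($file['tmp_name'], $target) ? $name : false;
}

if (isset($_FILES['file'])) {
    $stored = store_upload($_FILES['file'], __DIR__ . '/uploads');
    if ($stored === false) {
        http_response_code(400);
        exit('Upload rejected');
    }
    echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}
```

Keeping the upload directory outside the document root, or disabling PHP handling for it in the Apache configuration, limits the impact if an extension check is ever bypassed.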
