Incorrect Access Control Vulnerability in UCMS 1.4.8 Allows Information Leak via Direct Access

Incorrect Access Control Vulnerability in UCMS 1.4.8 Allows Information Leak via Direct Access

CVE-2020-24981 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.

Learn more about our Web App Pen Testing.