CVE-2020-21650

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add()...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 13, 2020
Published Date: October 06, 2021
Last Updated: August 04, 2024
Vendor: GrandStream
Product: Myucms
Description: Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Score

Score: 2.48% (Percentile: 84.51%) as of 2025-05-31

Exploit Status

Exploited in the Wild: Yes (2025-05-03 00:00:00 UTC) Source

References

https://github.com/lolipop1234/XXD/issues/6 https://cwe.mitre.org/data/definitions/96.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-05-03 00:00:00 UTC

Timeline

CVE ID Reserved

August 13, 2020
CVE Published to Public

October 06, 2021
Added to KEVIntel

May 03, 2025