Ujcms
SQL/code injection in Dromara UJCMS 10.0.2 allows authenticated remote attackers to manipulate database driver parameters (driverClassName/url) through the ImportDataController's import-channel endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. Successful exploitation could result in unauthorized data access, modification, or system availability impacts.
Path traversal in Dromara UJCMS 101.2 Template Handler allows authenticated remote attackers to manipulate the deleteDirectory function and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed remotely with minimal complexity.
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. It is rated medium severity (CVSS 4.8) and is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in Dromara ujcms 9.7.5. It is rated medium severity (CVSS 4.8) and is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.