Ujcms

Ujcms

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-2954

Exploit
  • EPSS 0.05%
  • Veröffentlicht 22.02.2026 15:02:17
  • Zuletzt bearbeitet 25.02.2026 17:45:50

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url resu...

9.1

CVE-2026-2953

Exploit
  • EPSS 0.16%
  • Veröffentlicht 22.02.2026 14:16:02
  • Zuletzt bearbeitet 25.02.2026 17:59:00

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be perfor...

5.4

CVE-2025-2491

Exploit
  • EPSS 0.08%
  • Veröffentlicht 18.03.2025 14:31:03
  • Zuletzt bearbeitet 04.11.2025 19:41:43

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The man...

5.4

CVE-2025-2490

Exploit
  • EPSS 0.06%
  • Veröffentlicht 18.03.2025 14:00:07
  • Zuletzt bearbeitet 06.11.2025 19:39:49

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upl...

4.8

CVE-2024-55451

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.12.2024 23:15:06
  • Zuletzt bearbeitet 24.04.2025 15:26:43

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a malicious...

5.4

CVE-2024-55452

Exploit
  • EPSS 0.14%
  • Veröffentlicht 16.12.2024 23:15:06
  • Zuletzt bearbeitet 24.04.2025 15:20:21

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, atta...

5.9

CVE-2024-12483

Exploit
  • EPSS 1.57%
  • Veröffentlicht 12.12.2024 01:40:29
  • Zuletzt bearbeitet 13.12.2024 17:12:32

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the...

5.4

CVE-2023-51806

Exploit
  • EPSS 0.1%
  • Veröffentlicht 12.01.2024 13:15:11
  • Zuletzt bearbeitet 21.11.2024 08:38:51

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.

9.8

CVE-2023-51350

Exploit
  • EPSS 3.61%
  • Veröffentlicht 11.01.2024 23:15:08
  • Zuletzt bearbeitet 16.06.2025 19:15:26

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.

9.8

CVE-2023-34747

Exploit
  • EPSS 26.08%
  • Veröffentlicht 14.06.2023 14:15:10
  • Zuletzt bearbeitet 06.01.2025 20:15:33

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.