📦 Ujcms

This vulnerability in ujcms v8.0.2 allows remote attackers to spoof IP addresses via the X-Forwarded-For header, potentially leading to information disclosure and arbitrary code execution. Any organiz...

This CVE describes a critical file upload vulnerability in ujcms 6.0.2 that allows attackers to upload arbitrary files, including malicious scripts, via the /api/backend/core/web-file-upload/upload en...

A directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files to arbitrary locations on the server via the rename feature. This affects all ujcms 6.0.2 installations with the vulne...

This vulnerability allows remote attackers to perform injection attacks via manipulated driverClassName/url parameters in Dromara UJCMS's importChanel function. Attackers can potentially execute arbit...

This vulnerability allows authenticated attackers in UJCMS 9.6.3 to create malicious block/carousel items that redirect users to attacker-controlled websites. When users click these items, they can be...