Known Vulnerabilities for products from Ujcms
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Ujcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-2954 json | A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-... | Not Provided | 2026-02-22 | 2026-04-29 |
| CVE-2026-2953 json | A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTem... | Not Provided | 2026-02-22 | 2026-04-29 |
| CVE-2024-0599 json | 5.4 - MEDIUM | 2024-01-16 | 2024-01-23 | |
| CVE-2023-34878 json | An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/... | 7.5 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2023-34865 json | Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. | 9.8 - CRITICAL | 2023-06-14 | 2023-06-22 |
| CVE-2023-34747 json | File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. | 9.8 - CRITICAL | 2023-06-14 | 2023-06-22 |
| CVE-2023-24369 json | A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via inje... | 6.1 - MEDIUM | 2023-02-17 | 2023-02-27 |
| CVE-2023-3231 json | A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of... | 6.5 - MEDIUM | 2023-06-14 | 2023-11-07 |
| CVE-2022-28090 json | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | 6.5 - MEDIUM | 2022-05-04 | 2022-05-12 |
| CVE-2022-23329 json | A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitra... | 9.8 - CRITICAL | 2022-02-04 | 2022-02-09 |