2 matches found
CVE-2018-17036
An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
CVE-2018-17036
UCMS 1.4.6 and 1.6 have a PHP code injection vulnerability in the installer. The flaw occurs in the install/index.php flow via the systemdomain parameter, enabling injection and execution of PHP code (demonstrated by injecting a phpinfo() call into /inc/config.php). Root cause, as described in mu...