124 matches found
CVE-2024-12483
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...
CVE-2024-12483
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...
CVE-2024-12483 Dromara UJCMS User ID id authorization
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...
CVE-2024-12483 Dromara UJCMS User ID id authorization
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...
CVE-2024-12483
CVE-2024-12483 affects Dromara UJCMS up to version 9.6.3, via an insecure direct object reference in the file path component “/users/id” of the User ID Handler. The vulnerability enables unauthenticated or remote exploitation that leads to an authorization bypass, with attackers able to discover ...
CVE-2023-51806
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...
CVE-2023-51806
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...
Unrestricted file upload
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...
CVE-2023-51806
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...
CVE-2023-51806
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...
UJCMS Security Vulnerabilities
UJCMS is a Java open source content management system from UJCMS Open Source. A security vulnerability exists in UJCMS version v.8.0.2, which stems from the presence of a file upload vulnerability that allows a local attacker to execute arbitrary code via a crafted file...
PT-2024-14300 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: Ujcms version 8.0.2 Description: The issue allows a local attacker to execute arbitrary code via a crafted file, exploiting a File Upload vulnerability. Recommendations: For Ujcms version 8.0.2, consider disabling file upload functionality...
CVE-2023-51806
CVE-2023-51806 affects Ujcms v8.0.2. A local attacker can upload a crafted file to trigger arbitrary code execution via a file upload vulnerability. Impact is described as local, with high confidentiality/integrity/availability risk in some sources. No public exploit details are provided in the d...
CVE-2023-51350
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...
CVE-2023-51350
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...
Design/Logic Flaw
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...
CVE-2023-51350
CVE-2023-51350 affects ujcms v8.0.2. A spoofing vulnerability allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script in the X-Forwarded-For header. Impact is described as high (confidentiality, integrity, and availability). No product patch/versio...
PT-2024-14083 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: ujcms version 8.0.2 Description: A spoofing attack allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. Recommendations: For ujcms version 8.0....
CVE-2023-51350
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...
CVE-2023-51350
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...