UCMS

Vulnerability Name:

An issue was discovered in UCMS. It allows PHP code injection via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

Affected version:

UCMS v1.4.6

Risk level:

high risk

Location

The vulnerability is located in /install/index.php.

Vulnerability Description:

During installation, the systemdomain parameter is not strictly checked, which can lead to PHP code execution.

Payload

1');phpinfo();#

Suggestions for rectification:

Filter user input data.
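
One way to implement this filtering, shown as an added example that is not UCMS code: the installer value is validated as a host name and then written as a PHP literal with var_export(). The define() layout, the constant name SYSTEM_DOMAIN and all function names are assumptions, since the report does not show the contents of /inc/config.php.

```php
<?php
// Added illustration, not UCMS source. The define() layout, the constant
// name SYSTEM_DOMAIN and all function names are assumptions.

// Unsafe pattern: the raw value is pasted between single quotes in PHP source.
function render_config_unsafe(string $domain): string
{
    return "<?php\ndefine('SYSTEM_DOMAIN', '" . $domain . "');\n";
}

// Hardened step 1: accept only a host name with an optional port.
function validate_system_domain(string $input): ?string
{
    $value = strtolower(trim($input));
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    $pattern = '/\A' . $label . '(?:\.' . $label . ')*(?::[0-9]{1,5})?\z/';
    if (strlen($value) > 253 || preg_match($pattern, $value) !== 1) {
        return null;
    }
    return $value;
}

// Hardened step 2: let var_export() produce the PHP string literal, so quotes
// and backslashes are escaped even if the validation is later loosened.
function render_config_safe(string $input): string
{
    $domain = validate_system_domain($input);
    if ($domain === null) {
        throw new InvalidArgumentException('systemdomain is not a valid host name');
    }
    return "<?php\ndefine('SYSTEM_DOMAIN', " . var_export($domain, true) . ");\n";
}

// Constructed sample inputs: an ordinary host and the payload from this report.
$samples = ['www.example.com:8080', "1');phpinfo();#"];
foreach ($samples as $sample) {
    echo "input: {$sample}\n";
    echo "unsafe template output:\n" . render_config_unsafe($sample);
    try {
        echo "hardened output:\n" . render_config_safe($sample);
    } catch (InvalidArgumentException $e) {
        echo "hardened installer rejected it: " . $e->getMessage() . "\n";
    }
    echo "\n";
}
```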