Vulnerability Details CVE-2018-17036
An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-17036
-
cpe:2.3:a:ucms_project:ucms:1.4.6
-
cpe:2.3:a:ucms_project:ucms:1.6