Vulnerabilities > Ujcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-51350 Authentication Bypass by Spoofing vulnerability in Ujcms 8.0.2
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
network
low complexity
ujcms CWE-290
critical
 9.8
9.8
2023-06-14 CVE-2023-34747 Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 6.0.2
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.
network
low complexity
ujcms CWE-434
critical
 9.8
9.8
2023-06-14 CVE-2023-34865 Path Traversal vulnerability in Ujcms 6.0.2
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.
network
low complexity
ujcms CWE-22
critical
 9.8
9.8
2022-02-04 CVE-2022-23329 Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms Jspxcms 10.2.0
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
network
low complexity
ujcms CWE-434
critical
 9.8
9.8