CVE-2026-2954 in UJCMSinfo

Zusammenfassung

von MITRE • 22.02.2026

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

22.02.2026

Moderieren

akzeptiert

Eintrag

VDB-347320

CPE

bereit

CWE

CWE-74 (bestätigt)

Exploit

Download

CVSS

9.8 (NVD)

EPSS

0.00060

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2954
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2954
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2954/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!