A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-74CWE-707
Dromara UJCMS ImportDataController import-channel importChanel injection
Problem type
Affected products
Dromara
UJCMS
10.0.2 - AFFECTED
References
VDB-347320 | Dromara UJCMS ImportDataController import-channel importChanel injection
https://vuldb.com/?id.347320
VDB-347320 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.347320
Submit #755222 | ujcms 10.0.2 JDBC Connection Injection
https://vuldb.com/?submit.755222
yuque.com
https://www.yuque.com/la12138/pa2fpb/gsz2l14wlz8c4nsn?singleDoc
GitHub Security Advisories
GHSA-96mq-76jj-h8p9
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the...
https://github.com/advisories/GHSA-96mq-76jj-h8p9A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-2954
vuldb.com
https://vuldb.com/?ctiid.347320
vuldb.com
https://vuldb.com/?id.347320
vuldb.com
https://vuldb.com/?submit.755222
yuque.com
https://www.yuque.com/la12138/pa2fpb/gsz2l14wlz8c4nsn?singleDoc
github.com
https://github.com/advisories/GHSA-96mq-76jj-h8p9
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2954Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2954",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-22T15:02:17.390Z",
"dateReserved": "2026-02-21T21:11:15.185Z",
"datePublished": "2026-02-22T15:02:17.390Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-22T15:02:17.390Z"
},
"title": "Dromara UJCMS ImportDataController import-channel importChanel injection",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "Dromara",
"product": "UJCMS",
"cpes": [
"cpe:2.3:a:ujcms:ujcms:*:*:*:*:*:*:*:*"
],
"modules": [
"ImportDataController"
],
"versions": [
{
"version": "10.0.2",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization",
"cweId": "CWE-707",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.347320",
"name": "VDB-347320 | Dromara UJCMS ImportDataController import-channel importChanel injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.347320",
"name": "VDB-347320 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.755222",
"name": "Submit #755222 | ujcms 10.0.2 JDBC Connection Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://www.yuque.com/la12138/pa2fpb/gsz2l14wlz8c4nsn?singleDoc",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 6.5
}
}
],
"timeline": [
{
"time": "2026-02-21T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-21T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-21T22:16:21.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "Saul1213 (VulDB User)",
"type": "reporter"
}
]
}
}
}