CVE-2022-42234: There is a file inclusion vulnerability in the template management module in UCMS 1.6 · Issue #1 · luoyangchangan/bug
There is a file inclusion vulnerability in the template management module in UCMS 1.6
vendor: http://uuu.la/
UCMS 1.6 installation package: http://uuu.la/uploadfile/file/ucms_1.6.zip
After installation, log in to the background
click Site management
click on the Custom page
First click Add Page, then click choose
click footer.php
Add shellcode, then click save
Then we go to the home page, and we find that the code has been executed
According to the code, we find that it is caused by the include function with inc/func.php; it uses the previous template file (footer.php)
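The include pattern described above next to a hardened alternative, as an added example that is not UCMS code and not part of the original report. All function names are hypothetical, the sample templates are constructed, and it assumes templates can be served as static markup rather than executed.

```php
<?php
// Added example: hypothetical helpers, not taken from UCMS 1.6.

// Vulnerable pattern: include() executes any PHP in the file, so a template
// that is editable from the admin panel becomes a code execution path.
function render_template_unsafe(string $path): void
{
    include $path;
}

// Save-time and render-time check: refuse bodies containing a PHP open tag.
// Matching the bare "<?" also covers "<?php", "<?=" and short open tags.
function template_body_is_inert(string $body): bool
{
    return strpos($body, '<?') === false;
}

// Hardened pattern: confine the name to the template directory and return
// the file as data; it is never passed to include, require or eval.
function render_template_safe(string $templateDir, string $name): string
{
    $base = realpath($templateDir);
    $file = realpath($templateDir . DIRECTORY_SEPARATOR . basename($name));
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template not found');
    }
    $body = file_get_contents($file);
    if ($body === false || !template_body_is_inert($body)) {
        throw new RuntimeException('template rejected: contains PHP open tag');
    }
    return $body;
}

// Constructed sample: a clean footer, then the same footer with PHP appended.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/footer.php", "<p>footer</p>");
echo render_template_safe($dir, 'footer.php'), "\n";

file_put_contents("$dir/footer.php", "<p>footer</p><?php echo 'executed'; ?>");
try {
    echo render_template_safe($dir, 'footer.php'), "\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
unlink("$dir/footer.php");
rmdir($dir);
```

Where templates genuinely need dynamic behaviour, a sandboxed template language and a read-only template directory for the web server user serve the same goal.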