Description
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal leading to remote deletion of arbitrary files
Action: Patch
AI Analysis

Impact

This vulnerability arises in the deleteDirectory function of the WebFileTemplateController, allowing an attacker to manipulate file paths and delete files outside the intended directory scope. The description indicates that the attack may be performed from remote, suggesting that remote attackers can specify arbitrary file paths through the delete endpoint, potentially removing critical configuration files or user data. Such an action compromises data integrity and availability, especially if the affected files belong to the CMS core or site content.

Affected Systems

The flaw affects Dromara UJCMS version 101.2 and earlier releases. System administrators should verify the exact build installed and check for updates provided by the vendor.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity for the path traversal flaw. The EPSS score of less than 1% signals a currently low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack can be performed remotely by sending a crafted request to the delete endpoint of the WebFileTemplateController. This inference assumes an HTTP interface, which is suggested by the web controller naming convention. The CVE description does not provide specifics about authentication or authorization checks, so it is unclear whether an attacker would require prior access to the CMS. Nonetheless, successful exploitation would allow deletion of arbitrary files within the server filesystem, potentially compromising data integrity and availability.

Generated by OpenCVE AI on April 18, 2026 at 17:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-provided patch or upgrade to a fixed version as soon as it becomes available.
  • Restrict access to the WebFileTemplateController delete endpoint by enabling authentication and authorizing only privileged roles.
  • Implement input validation to ensure that the file path remains within the intended directory and reject any attempts that contain traversal characters such as "../".
  • If a patch is not yet available, consider temporarily disabling the deleteDirectory functionality or blocking access to the endpoint until remediation can be applied.

Generated by OpenCVE AI on April 18, 2026 at 17:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ujcms:ujcms:10.1.2:*:*:*:*:*:*:*

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dromara
Dromara ujcms
Vendors & Products Dromara
Dromara ujcms

Sun, 22 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal
First Time appeared Ujcms
Ujcms ujcms
Weaknesses CWE-22
CPEs cpe:2.3:a:ujcms:ujcms:*:*:*:*:*:*:*:*
Vendors & Products Ujcms
Ujcms ujcms
References
Metrics cvssV2_0

{'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Dromara Ujcms
Ujcms Ujcms
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-25T16:03:10.026Z

Reserved: 2026-02-21T21:11:08.662Z

Link: CVE-2026-2953

cve-icon Vulnrichment

Updated: 2026-02-25T16:03:03.482Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-22T14:16:02.890

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2953

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses