📄 Description (English)
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
A path traversal vulnerability exists in Dromara UJCMS 10.1.2's Template Handler component, allowing remote attackers to delete arbitrary directories through the deleteDirectory function. With a CVSS score of 5.4 and publicly disclosed exploit code, this poses a moderate risk to organizations using this CMS. No patch is currently available from the vendor, requiring immediate compensating controls.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 28, 2026 04:44
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using UJCMS for content management—particularly government agencies, educational institutions, and media organizations—face risk of data loss and service disruption. Government entities under NCA oversight and SAMA-regulated financial institutions using this CMS for public-facing portals are at elevated risk. The vulnerability could enable attackers to delete critical template directories, causing website defacement or complete service unavailability. Telecom and energy sector organizations using UJCMS for customer portals or internal documentation systems could experience operational disruption.
🏢 Affected Saudi Sectors
Government
Education
Media and Publishing
Telecommunications
Energy
Healthcare
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all systems running UJCMS 10.1.2 and isolate affected instances from production if possible
2. Implement Web Application Firewall (WAF) rules to block requests containing path traversal patterns (../, ..\, %2e%2e) targeting the /template or /delete endpoints
3. Restrict access to WebFileTemplateController.delete to authorized administrators only via IP whitelisting and authentication enforcement
4. Monitor and log all file deletion operations in the application
COMPENSATING CONTROLS:
5. Implement strict file system permissions—ensure UJCMS application runs with minimal privileges and cannot access parent directories
6. Deploy file integrity monitoring (FIM) on template directories to detect unauthorized deletions
7. Maintain automated daily backups of template directories with immutable retention policies
8. Disable the deleteDirectory functionality if not operationally required
DETECTION RULES:
9. Monitor for HTTP requests with patterns: POST/GET to */delete* containing encoded or literal path traversal sequences
10. Alert on unexpected file deletions in template directories outside normal maintenance windows
11. Track failed authentication attempts to template management endpoints
PATCHING STRATEGY:
12. Contact Dromara for security updates or consider migration to patched versions when available
13. Evaluate alternative CMS solutions with active security support if vendor remains unresponsive
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع الأنظمة التي تعمل بـ UJCMS 10.1.2 وعزل الحالات المتأثرة عن الإنتاج إن أمكن
2. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على أنماط اجتياز المسار (../, ..\, %2e%2e) الموجهة إلى نقاط نهاية /template أو /delete
3. تقييد الوصول إلى WebFileTemplateController.delete للمسؤولين المصرح لهم فقط عبر قائمة بيضاء IP وفرض المصادقة
4. مراقبة وتسجيل جميع عمليات حذف الملفات في التطبيق
الضوابط التعويضية:
5. تطبيق أذونات نظام الملفات الصارمة—تأكد من أن تطبيق UJCMS يعمل بأقل الامتيازات ولا يمكنه الوصول إلى المجلدات الأب
6. نشر مراقبة سلامة الملفات (FIM) على مجلدات القوالب للكشف عن الحذف غير المصرح به
7. الحفاظ على النسخ الاحتياطية اليومية الآلية لمجلدات القوالب مع سياسات الاحتفاظ غير القابلة للتغيير
8. تعطيل وظيفة deleteDirectory إذا لم تكن مطلوبة تشغيلياً
قواعد الكشف:
9. مراقبة طلبات HTTP بالأنماط: POST/GET إلى */delete* تحتوي على تسلسلات اجتياز مسار مشفرة أو حرفية
10. تنبيه على حذف الملفات غير المتوقعة في مجلدات القوالب خارج نوافذ الصيانة العادية
11. تتبع محاولات المصادقة الفاشلة لنقاط نهاية إدارة القوالب
استراتيجية التصحيح:
12. اتصل بـ Dromara للحصول على تحديثات الأمان أو فكر في الترقية إلى إصدارات مصححة عند توفرها
13. قيّم حلول CMS البديلة مع دعم أمان نشط إذا ظل البائع غير مستجيب
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.8.1.1 - User Access Management
A.12.2.1 - Change Management
A.12.4.1 - Event Logging
A.13.1.1 - Network Security Perimeter
🔵 SAMA CSF
ID.AM-2 - Software Inventory
PR.AC-1 - Access Control Policy
PR.PT-1 - Security Awareness and Training
DE.CM-1 - System Monitoring
RS.MI-2 - Incident Response Procedures
🟡 ISO 27001:2022
A.5.1.1 - Information security policies
A.8.1.4 - Access management
A.12.4.1 - Event logging
A.14.2.1 - Secure development policy
A.16.1.5 - Response to information security incidents
🔗 References & Sources 4
🔗
https://vuldb.com/?ctiid.347319
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.347319
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.755215
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.yuque.com/la12138/pa2fpb/lxngf3d07uyd0nwp?singleDoc
cna@vuldb.com
Exploit
Third Party Advisory
📦 Affected Products / CPE 1 entries
ujcms:ujcms:10.1.2