📄 Description (English)
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-2954 is a SQL injection vulnerability in Dromara UJCMS 10.0.2 affecting the ImportDataController's importChannel function. An attacker can manipulate the driverClassName/url parameters to inject malicious SQL code, potentially leading to unauthorized data access or modification. With no patch available and public exploit details disclosed, this poses an immediate risk to organizations using this CMS platform.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 17, 2026 01:32
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using UJCMS for content management, particularly in government digital transformation initiatives, media organizations, and educational institutions. Government agencies (under NCA oversight) and healthcare providers managing patient information systems are at highest risk. The SQL injection capability could lead to unauthorized access to sensitive citizen data, financial records, or confidential government communications. Banking sector exposure is moderate if UJCMS is used for customer-facing portals.
🏢 Affected Saudi Sectors
Government & Public Administration
Healthcare & Medical Services
Education & Universities
Media & Publishing
Banking & Financial Services
Telecommunications
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of UJCMS 10.0.2 in your environment using network scanning and asset inventory tools
2. Isolate affected systems from production networks if possible, or restrict access to the /api/backend/ext/import-data/import-channel endpoint
3. Review access logs for the importChannel function for suspicious activity (unusual driverClassName or url parameters)
4. Implement Web Application Firewall (WAF) rules to block requests containing SQL injection patterns to this endpoint
COMPENSATING CONTROLS:
5. Apply input validation at the application layer - whitelist allowed driverClassName values and validate URL format strictly
6. Implement parameterized queries/prepared statements if source code access is available
7. Restrict API endpoint access using IP whitelisting and authentication tokens
8. Enable database query logging and monitor for suspicious SQL patterns
9. Apply principle of least privilege to database user accounts used by UJCMS
DETECTION RULES:
10. Monitor for POST requests to /api/backend/ext/import-data/import-channel with parameters containing: UNION, SELECT, DROP, INSERT, UPDATE, DELETE, OR 1=1, comment sequences (-- or /*)
11. Alert on database connection attempts with unusual character encoding or escaped quotes
12. Track failed authentication attempts to the import-data endpoint
LONG-TERM:
13. Contact Dromara for security updates or consider migration to patched versions when available
14. Evaluate alternative CMS solutions with active security support
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع حالات UJCMS 10.0.2 في بيئتك باستخدام أدوات المسح والجرد
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج أو تقييد الوصول إلى نقطة النهاية /api/backend/ext/import-data/import-channel
3. راجع سجلات الوصول لوظيفة importChannel للبحث عن نشاط مريب
4. تطبيق قواعد جدار حماية تطبيقات الويب لحجب الطلبات التي تحتوي على أنماط حقن SQL
الضوابط التعويضية:
5. تطبيق التحقق من صحة الإدخال - إدراج قيم driverClassName المسموحة والتحقق من صيغة URL
6. تطبيق الاستعلامات المعاملة إذا كان الوصول إلى الكود المصدري متاحاً
7. تقييد وصول نقطة النهاية باستخدام القائمة البيضاء للعناوين وتوكنات المصادقة
8. تفعيل تسجيل استعلامات قاعدة البيانات ومراقبة الأنماط المريبة
9. تطبيق مبدأ الامتياز الأقل على حسابات مستخدمي قاعدة البيانات
قواعد الكشف:
10. مراقبة طلبات POST إلى النقطة النهائية التي تحتوي على كلمات مفتاحية SQL
11. التنبيه على محاولات الاتصال بقاعدة البيانات غير العادية
12. تتبع محاولات المصادقة الفاشلة
المدى الطويل:
13. اتصل بـ Dromara للحصول على تحديثات أمان أو فكر في الترقية
14. قيّم حلول CMS البديلة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements analysis and specification
ECC 2024 A.14.2.5 - Secure development environment
ECC 2024 A.14.3.1 - Secure coding practices
ECC 2024 A.14.3.2 - Security testing during development
🔵 SAMA CSF
SAMA CSF ID.BE-3 - Organizational resilience objectives
SAMA CSF PR.DS-6 - Data is protected from unauthorized access
SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events
🟡 ISO 27001:2022
ISO 27001:2022 A.8.2.3 - Segregation of duties
ISO 27001:2022 A.14.2.1 - Information security requirements
ISO 27001:2022 A.14.3.1 - Secure development policy
ISO 27001:2022 A.14.4.4 - Testing of security functionality
🟣 PCI DSS v4.0.1
PCI DSS 6.5.1 - Injection flaws prevention
PCI DSS 6.5.10 - Broken authentication prevention
🔗 References & Sources 4
🔗
https://vuldb.com/?ctiid.347320
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.347320
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.755222
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.yuque.com/la12138/pa2fpb/gsz2l14wlz8c4nsn?singleDoc
cna@vuldb.com
Broken Link
📦 Affected Products / CPE 1 entries
ujcms:ujcms:10.0.2