2018-09-14 09:29:00 2018-11-07 16:57:56

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.