CVE-2018-17035by Jeremyin Security Bulletinson Posted on September 14, 2018 UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.