UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
ucms project ucms 1.6