CVE-2018-17035

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.