Lucene search
K
UsualtoolUsualtoolcms

6 matches found

CVE
CVE
added 2024/10/13 7:0 p.m.64 views

CVE-2024-9916

HuangDou UTCMS V9 is affected by a remote OS command injection in app/modules/ut-cac/admin/cli.php via the o parameter. The vulnerability affects unknown functionality and can be exploited remotely; public exploit details exist and vendor reportedly did not respond. Remediation per sources: apply...

9.8CVSS7.7AI score0.73666EPSS
Web
CVE
CVE
added 2024/10/13 7:31 p.m.62 views

CVE-2024-9917

CVE-2024-9917 affects HuangDou UTCMS V9, with a deserialization flaw in the file app/modules/ut-template/admin/template_creat.php triggered via the content argument. Remote exploitation is possible, and public exploit disclosure is noted. Multiple sources corroborate the issue and indicate vendor...

6.5CVSS5.7AI score0.08703EPSS
CVE
CVE
added 2018/12/13 8:0 a.m.54 views

CVE-2018-20128

UsualToolCMS v8.0 (UTCMS) contains a vulnerability in cmsadmin\a_sqlback.php where a backname[] directory-traversal pathname can be crafted to delete arbitrary files. Remote attackers could exploit this to delete arbitrary files on the affected system. The root cause is a directory-traversal in t...

7.5CVSS7.4AI score0.01545EPSS
CVE
CVE
added 2024/10/13 8:0 p.m.49 views

CVE-2024-9918

The CVE-2024-9918 issue concerns HuangDou UTCMS V9, specifically the RunSql function in app/modules/ut-data/admin/sql.php. The vulnerability is a SQL injection caused by improper handling of the sql argument, with remote exploitation described as possible and the exploit publicly disclosed. Multi...

7.2CVSS5.4AI score0.00557EPSS
Web
CVE
CVE
added 2019/01/12 2:0 a.m.42 views

CVE-2019-6244

Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, nonce CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...

8.8CVSS9AI score0.00523EPSS
Web
CVE
CVE
added 2018/10/17 4:0 a.m.40 views

CVE-2018-18422

CVE-2018-18422 affects UsualToolCMS 8.0. The vulnerability is a CSRF flaw that allows an attacker to add a new user via the path cmsadmin/a_adminx.php?x=a. Reported CVSS metrics: CVSS v2 base 6.8 (MEDIUM) and CVSS v3 base 8.8 (HIGH). Root cause: CSRF in the user-creation flow. Impact details are ...

8.8CVSS8.6AI score0.00494EPSS
Web