6 matches found
CVE-2024-9916
HuangDou UTCMS V9 is affected by a remote OS command injection in app/modules/ut-cac/admin/cli.php via the o parameter. The vulnerability affects unknown functionality and can be exploited remotely; public exploit details exist and vendor reportedly did not respond. Remediation per sources: apply...
CVE-2024-9917
CVE-2024-9917 affects HuangDou UTCMS V9, with a deserialization flaw in the file app/modules/ut-template/admin/template_creat.php triggered via the content argument. Remote exploitation is possible, and public exploit disclosure is noted. Multiple sources corroborate the issue and indicate vendor...
CVE-2018-20128
UsualToolCMS v8.0 (UTCMS) contains a vulnerability in cmsadmin\a_sqlback.php where a backname[] directory-traversal pathname can be crafted to delete arbitrary files. Remote attackers could exploit this to delete arbitrary files on the affected system. The root cause is a directory-traversal in t...
CVE-2024-9918
The CVE-2024-9918 issue concerns HuangDou UTCMS V9, specifically the RunSql function in app/modules/ut-data/admin/sql.php. The vulnerability is a SQL injection caused by improper handling of the sql argument, with remote exploitation described as possible and the exploit publicly disclosed. Multi...
CVE-2019-6244
Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, nonce CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...
CVE-2018-18422
CVE-2018-18422 affects UsualToolCMS 8.0. The vulnerability is a CSRF flaw that allows an attacker to add a new user via the path cmsadmin/a_adminx.php?x=a. Reported CVSS metrics: CVSS v2 base 6.8 (MEDIUM) and CVSS v3 base 8.8 (HIGH). Root cause: CSRF in the user-creation flow. Impact details are ...