A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.280245 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.280245 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.418749 | Third Party Advisory VDB Entry |
Configurations
History
19 Oct 2024, 00:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:usualtool:usualtoolcms:9.0:*:*:*:*:*:*:* | |
References | () https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.280245 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.280245 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.418749 - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 4.9 |
First Time |
Usualtool
Usualtool usualtoolcms |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Oct 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-13 20:15
Updated : 2024-10-19 00:49
NVD link : CVE-2024-9917
Mitre link : CVE-2024-9917
CVE.ORG link : CVE-2024-9917
JSON object : View
Products Affected
usualtool
- usualtoolcms
CWE
CWE-502
Deserialization of Untrusted Data