CVE-2024-9917

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.280245 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.280245 Third Party Advisory VDB Entry
https://vuldb.com/?submit.418749 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:usualtool:usualtoolcms:9.0:*:*:*:*:*:*:*

History

19 Oct 2024, 00:49

Type Values Removed Values Added
CPE cpe:2.3:a:usualtool:usualtoolcms:9.0:*:*:*:*:*:*:*
References () https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md - () https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.280245 - () https://vuldb.com/?ctiid.280245 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.280245 - () https://vuldb.com/?id.280245 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.418749 - () https://vuldb.com/?submit.418749 - Third Party Advisory, VDB Entry
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 4.9
First Time Usualtool
Usualtool usualtoolcms

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Se ha descubierto una vulnerabilidad clasificada como crítica en HuangDou UTCMS V9. Afecta a una parte desconocida del archivo app/modules/ut-template/admin/template_creat.php. La manipulación del contenido del argumento provoca la deserialización. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta revelación, pero no respondió de ninguna manera.

13 Oct 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-13 20:15

Updated : 2024-10-19 00:49


NVD link : CVE-2024-9917

Mitre link : CVE-2024-9917

CVE.ORG link : CVE-2024-9917


JSON object : View

Products Affected

usualtool

  • usualtoolcms
CWE
CWE-502

Deserialization of Untrusted Data