Description

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related CPE's

a

usualtool

usualtoolcms

9.0

Vulnerable

References

https://github.com/DeepMountains/zzz/blob/main/CVE5-3.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.280246

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.280246

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.418750

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Secondary
CWE-89

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.7 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-10-13T18:15:03.853Z

1 year ago

Last modified

2024-10-18T22:47:15.957Z

1 year ago