CVE-2024-9917
- EPSS 2.66%
- Published 13.10.2024 20:15:03
- Last modified 19.10.2024 00:49:07
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is pos...
CVE-2024-9918
- EPSS 0.07%
- Published 13.10.2024 20:15:03
- Last modified 19.10.2024 00:47:15
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to SQL injection. The attack can ...
CVE-2024-9916
- EPSS 85.1%
- Published 13.10.2024 19:15:11
- Last modified 16.10.2024 22:11:04
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to OS command injectio...
CVE-2019-6244
- EPSS 0.14%
- Published 12.01.2019 02:29:00
- Last modified 21.11.2024 04:46:17
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.
CVE-2018-20128
- EPSS 0.88%
- Published 13.12.2018 08:29:00
- Last modified 21.11.2024 04:00:54
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.
CVE-2018-18422
- EPSS 0.15%
- Published 17.10.2018 04:29:01
- Last modified 21.11.2024 03:55:54
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.