CVE-2024-9918 | HuangDou UTCMS V9 sql.php RunSql sql sql injection

Inserito da Angelo Barbosa | Ott 12, 2024 | CVE

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection.

This vulnerability was named CVE-2024-9918. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9918 | HuangDou UTCMS V9 sql.php RunSql sql sql injection

Post correlati

CVE-2024-7680 | itsourcecode Tailoring Management System 1.0 /incedit.php id/inccat/desc/date/amount sql injection

CVE-2024-33956 | ThemeLocation Custom WooCommerce Checkout Fields Editor Plugin up to 1.3.0 on WordPress authorization

CVE-2023-42874 | Apple macOS up to 14.1 Accessibility Keyboard state issue (HT214036)

CVE-2024-24900 | Dell Secure Connect Gateway prior 5.22.00.16 Policy improper authorization (dsa-2024-077)