CVE-2024-9917 | HuangDou UTCMS V9 template_creat.php content deserialization

Posted by Angelo Barbosa | Oct 12, 2024 | CVE

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization.

This vulnerability is uniquely identified as CVE-2024-9917. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9917 | HuangDou UTCMS V9 template_creat.php content deserialization

Related Posts

CVE-2024-40520 | SeaCMS 12.9 admin_config_mark.php Remote Code Execution

CVE-2024-33553 | 8theme XStore Core Plugin up to 5.3.5 on WordPress deserialization

CVE-2024-23178 | MediaWiki up to 1.40.1 Phonos Extension PhonosButton.js cross site scripting

CVE-2024-23893 | Cups Easy 1.0 URL costcentermodify.php cross site scripting