CVE-2024-9918 | HuangDou UTCMS V9 sql.php RunSql sql sql injection

Posted by Angelo Barbosa | Oct 12, 2024 | CVE

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection.

This vulnerability was named CVE-2024-9918. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9918 | HuangDou UTCMS V9 sql.php RunSql sql sql injection

Related Posts

CVE-2024-3318 | SailPoint Identity Security Cloud DelimitedFileConnector Cloud Connector path traversal

CVE-2024-9417 | Hash Form Plugin up to 1.1.9 on WordPress unrestricted upload

CVE-2024-25153 | Fortra FileCatalyst up to 5.1.5 ftpservlet unknown vulnerability

CVE-2023-32366 | Apple iOS/iPadOS Font File out-of-bounds write