CVE-2024-9918: HuangDou UTCMS sql.php RunSql sql injection
First published: Sun Oct 13 2024(Updated: )
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Usualtool CMS | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9918?
CVE-2024-9918 is classified as a critical vulnerability.
What systems are affected by CVE-2024-9918?
CVE-2024-9918 affects Usualtool Usualtoolcms version 9.0.
How does CVE-2024-9918 impact the application?
CVE-2024-9918 allows for SQL injection through the RunSql function in app/modules/ut-data/admin/sql.php.
How can CVE-2024-9918 be exploited?
CVE-2024-9918 can be exploited remotely by manipulating the sql argument.
How do I fix CVE-2024-9918?
To fix CVE-2024-9918, update Usualtool Usualtoolcms to the latest version that addresses this vulnerability.
- agent/references
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/trending
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/usualtool
- canonical/usualtool cms
- version/usualtool cms/9.0