CVE-2024-9916

HIGH EXPLOITED NUCLEI

Usualtoolcms - OS Command Injection

Title source: rule

Description

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Nuclei Templates (1)

HuangDou UTCMS V9 - OS Command Injection

HIGHVERIFIEDby iamnoooob,pdresearch

FOFA: body="usualtool"

References (4)

[Exploit, Third Party Advisory] https://github.com/DeepMountains/zzz/blob/main/CVE5-1.md

View Exploit ZIP pw:eip

[Permissions Required] https://vuldb.com/?ctiid.280244

[Third Party Advisory] https://vuldb.com/?id.280244

[Third Party Advisory] https://vuldb.com/?submit.418748

Scores

CVSS v3 7.3

EPSS 0.8357

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2025-02-18

CWE

CWE-78

Status published

Products (1)

usualtool/usualtoolcms 9.0

Published Oct 13, 2024

Tracked Since Feb 18, 2026