{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9917","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-10-12T16:16:08.104Z","datePublished":"2024-10-13T19:31:03.992Z","dateUpdated":"2024-10-15T15:01:58.207Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-10-13T19:31:03.992Z"},"title":"HuangDou UTCMS template_creat.php deserialization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-502","lang":"en","description":"Deserialization"}]}],"affected":[{"vendor":"HuangDou","product":"UTCMS","versions":[{"version":"V9","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in HuangDou UTCMS V9 gefunden. Es betrifft eine unbekannte Funktion der Datei app/modules/ut-template/admin/template_creat.php. Durch das Beeinflussen des Arguments content mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-10-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-10-12T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-10-12T18:21:21.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"chenzijie0619 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.280245","name":"VDB-280245 | HuangDou UTCMS template_creat.php deserialization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.280245","name":"VDB-280245 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.418749","name":"Submit #418749 | HuangDou UTCMS V9 Arbitrary file creation","tags":["third-party-advisory"]},{"url":"https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"huangdou","product":"utcms","cpes":["cpe:2.3:a:huangdou:utcms:v9:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v9","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-14T15:01:35.976639Z","id":"CVE-2024-9917","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-15T15:01:58.207Z"}}]}}