Vulnerability Information
Vulnerability Title
HuangDou UTCMS Config update.php server-side request forgery
Vulnerability Description
A vulnerability was found in HuangDou UTCMS 9. It affects unknown processing in the file app/modules/ut-frame/admin/update.php of the component Config Handler. Manipulating the argument UPDATEURL results in server-side request forgery. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
UTCMS code issue vulnerability
Vulnerability Description
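UTCMS is a content management system built on the UT framework by the individual developer usualtool. UTCMS version 9 has a code issue vulnerability, which stems from server-side request forgery in the UPDATEURL parameter in the file app/modules/ut-frame/admin/update.php.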
CVSS Information
N/A
Vulnerability Type
N/A