| Title | HuangDou UTCMS V9 RCE |
|---|
| Description | The cli.php page can execute system commands without authentication. The filtering rules stipulate that commands can only start with cd, php, nohup, or composer. However, system commands can be executed using "nohup whoami". |
|---|
| Source | ⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE5-1.md |
|---|
| User | chenzijie0619 (UID 74657) |
|---|
| Submission | 10/06/2024 04:48 (2 years ago) |
|---|
| Moderation | 10/12/2024 18:16 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 280244 [HuangDou UTCMS V9 cli.php o os command injection] |
|---|
| Points | 14 |
|---|