Submit #632537: HuangDou UTCMS V9 RCE vulnerability for remote file download in the backgroundinfo

TitleHuangDou UTCMS V9 RCE vulnerability for remote file download in the background
DescriptionIn the update.php page, users can remotely downloading the compressed package and automatically decompressing it and RCE.
Source⚠️ https://github.com/August829/Yu/blob/main/20250811_1.md
User
 Yu Bao (UID 88956)
Submission08/12/2025 15:50 (11 months ago)
Moderation08/24/2025 16:52 (12 days later)
StatusAccepted
VulDB entry321238 [HuangDou UTCMS 9 Config update.php UPDATEURL server-side request forgery]
Points15

Do you know our Splunk app?

Download it now for free!