Submit #632537: HuangDou UTCMS V9 RCE vulnerability for remote file download in the background
| Title | HuangDou UTCMS V9 RCE vulnerability for remote file download in the background |
|---|---|
| Description | In the update.php page, users can remotely downloading the compressed package and automatically decompressing it and RCE. |
| Source | ⚠️ https:/ |
| User | Yu Bao (UID 88956) |
| Submission | 08/12/2025 15:50 (11 months ago) |
| Moderation | 08/24/2025 16:52 (12 days later) |
| Status | Accepted |
| VulDB entry | 321238 [HuangDou UTCMS 9 Config update.php UPDATEURL server-side request forgery] |
| Points | 15 |