CVE-2024-9916

7.3 HIGH

📋 TL;DR

This high-severity (CVSS 7.3) vulnerability in HuangDou UTCMS V9 is an OS command injection in the 'o' parameter of app/modules/ut-cac/admin/cli.php: a remote, unauthenticated attacker who places shell metacharacters in 'o' gets arbitrary commands executed with the privileges of the PHP/web server process. All installations running UTCMS V9 are affected, and no fixed version is known.

💻 Affected Systems

Products:
  • HuangDou UTCMS
Versions: V9
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation of UTCMS V9. The specific vulnerable file is app/modules/ut-cac/admin/cli.php.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to web server compromise, data exfiltration, and potential ransomware deployment on affected systems.

🟢 If Mitigated

Limited impact with proper input validation, command sanitization, and network segmentation preventing lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available and the vulnerability is remotely exploitable without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider workarounds or migrating to alternative software.

🔧 Temporary Workarounds

Remove vulnerable file

linux

Delete the vulnerable cli.php, or rename it if you want to keep a copy. Run one command or the other, not both (mv fails once the file has been deleted). Either way, any admin function that relied on cli.php stops working, so confirm nothing you use depends on it. If you rename rather than delete, the .bak copy stays inside the web root; if the web server serves unknown extensions as static files it will disclose the PHP source, so prefer moving the copy outside the document root.

rm /path/to/app/modules/ut-cac/admin/cli.php

or

mv /path/to/app/modules/ut-cac/admin/cli.php /path/to/app/modules/ut-cac/admin/cli.php.bak

Implement input validation

all

Edit cli.php so that the 'o' parameter is checked against an allowlist of the exact values the script expects (or a tight pattern such as alphanumerics, underscore and hyphen) before it is used anywhere near a shell, and reject everything else. Blocklisting individual metacharacters is not enough: newlines, $IFS, and percent-encoded variants slip past naive filters. This is a local patch you will have to carry forward yourself, since no vendor fix exists.

🧯 If You Can't Patch

  • Restrict access to /app/modules/ut-cac/admin/ at the web server or reverse proxy (trusted source addresses or HTTP authentication); the endpoint needs no application login, so the web server is the only place to add one
  • Implement strict network segmentation to isolate UTCMS systems from critical infrastructure and block outbound connections from the web server that it does not need
  • Deploy a web application firewall (WAF) with command injection protection rules, and make sure it inspects percent-decoded query strings

🔍 How to Verify

Check if Vulnerable:

Because no fixed version is known, any UTCMS V9 installation that still has the file should be treated as vulnerable. Check if the file exists: ls -la /path/to/app/modules/ut-cac/admin/cli.php

Check Version:

Check UTCMS version in configuration files or admin panel

Verify Fix Applied:

Verify file removal: test ! -f /path/to/app/modules/ut-cac/admin/cli.php

📡 Detection & Monitoring

Log Indicators:

  • Requests for app/modules/ut-cac/admin/cli.php whose 'o' parameter contains shell metacharacters (; | & ` $( and their percent-encoded forms such as %3B, %7C, %24%28, %0A)
  • Child processes such as sh, bash, curl, wget or nc spawned by the PHP or web server process; these show up in auditd, EDR or process-accounting logs, not in the web server's own access log
  • cli.php requests from source addresses or user agents (curl, python-requests, scanners) that otherwise never touch the admin area

Network Indicators:

  • HTTP requests to cli.php with shell commands in parameters
  • Outbound connections from web server to unexpected destinations

SIEM Query:

source="web_server" AND uri="*cli.php*" AND (param="*;*" OR param="*|*" OR param="*`*" OR param="*$(*")

This query matches only literal metacharacters. Access logs usually record the request percent-encoded (; as %3B, | as %7C, $( as %24%28, newline as %0A), so either decode the URI field before matching or add the encoded forms, and key on the 'o' parameter specifically to cut false positives.
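The Python below is an added example and is not code from UTCMS or from this page. It serves two of the sections above: the "Implement input validation" workaround (an allowlist check for 'o', shown in Python for illustration; in cli.php the same regex would be applied with preg_match before any shell use) and the detection section (a scanner over access log lines that percent-decodes the query string, so encoded payloads that the SIEM query above misses are still caught). The allowlist pattern, the log path and the log lines themselves are assumptions constructed for the example.

```python
"""Allowlist check for the cli.php 'o' parameter plus an access-log scanner.
Added example; not part of UTCMS. Patterns and log lines are assumptions."""
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: legitimate 'o' values are short identifiers. Tighten this to the
# exact set of values your cli.php actually accepts if you know them.
O_ALLOWLIST = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Characters an attacker needs to break out of a shell command string.
# Used only to label detections; the allowlist is what should gate input.
SHELL_META = re.compile(r"[;|&`$(){}<>\n\r]")


def is_safe_o(value: str) -> bool:
    """Allowlist: True only for values that cannot alter a shell command."""
    return O_ALLOWLIST.fullmatch(value) is not None


def query_values(query: str, name: str):
    """Return all percent-decoded values of `name` in a raw query string.
    Splits on '&' only, so ';' stays inside the value instead of being
    treated as a separator (older parse_qs versions split on it)."""
    values = []
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(raw))
    return values


# Combined-format access log lines, constructed for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:12:00:01 +0000] "GET /app/modules/ut-cac/admin/cli.php?o=list HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2024:12:00:05 +0000] "GET /app/modules/ut-cac/admin/cli.php?o=x;id HTTP/1.1" 200 89 "-" "curl/8.4.0"
198.51.100.4 - - [10/Oct/2024:12:00:09 +0000] "GET /app/modules/ut-cac/admin/cli.php?o=x%7Cwhoami HTTP/1.1" 200 12 "-" "python-requests/2.31"
198.51.100.5 - - [10/Oct/2024:12:00:11 +0000] "GET /app/modules/ut-cac/admin/cli.php?o=%24%28id%29 HTTP/1.1" 200 12 "-" "curl/8.4.0"
198.51.100.6 - - [10/Oct/2024:12:00:13 +0000] "GET /app/modules/ut-cac/admin/cli.php?o=foo.bar HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:12:00:15 +0000] "GET /index.php?s=search;drop HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: the module lives at the path given in the advisory.
VULN_PATH = "/ut-cac/admin/cli.php"


def scan_access_log(lines):
    """Yield (ip, timestamp, decoded_o, reason) for every cli.php request whose
    'o' value fails the allowlist. Non-cli.php requests are ignored even if
    they carry metacharacters, which keeps the output focused on this CVE."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(VULN_PATH):
            continue
        for value in query_values(parts.query, "o"):
            if is_safe_o(value):
                continue
            reason = "shell metachar" if SHELL_META.search(value) else "not on allowlist"
            hits.append((m.group("ip"), m.group("ts"), value, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

Values flagged "not on allowlist" (foo.bar above) are worth reviewing but may be legitimate once you know the real set of 'o' values; "shell metachar" hits are exploitation attempts and should go straight to the incident queue together with the process logs for the same timestamps.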

🔗 References
