usualtool CVE Vulnerabilities & Metrics

Focus on usualtool vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About usualtool Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with usualtool. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total usualtool CVEs: 6
Earliest CVE date: 17 Oct 2018, 04:29 UTC
Latest CVE date: 13 Oct 2024, 20:15 UTC

Latest CVE reference: CVE-2024-9918

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical usualtool CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.63

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	5
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS usualtool CVEs

These are the five CVEs with the highest CVSS scores for usualtool, sorted by severity first and recency.

CVE-2024-9916 usualtool Published on 13 Oct 2024, 19:15 UTC (CVSS: 7.5)
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this dis...
CVE-2019-6244 usualtool Published on 12 Jan 2019, 02:29 UTC (CVSS: 6.8)
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.
CVE-2018-18422 usualtool Published on 17 Oct 2018, 04:29 UTC (CVSS: 6.8)
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.
CVE-2024-9917 usualtool Published on 13 Oct 2024, 20:15 UTC (CVSS: 6.5)
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disc...
CVE-2018-20128 usualtool Published on 13 Dec 2018, 08:29 UTC (CVSS: 6.4)
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.

All CVEs for usualtool

CVE-2024-9918 usualtool vulnerability CVSS: 5.8 13 Oct 2024, 20:15 UTC

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9917 usualtool vulnerability CVSS: 6.5 13 Oct 2024, 20:15 UTC

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9916 usualtool vulnerability CVSS: 7.5 13 Oct 2024, 19:15 UTC

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2019-6244 usualtool vulnerability CVSS: 6.8 12 Jan 2019, 02:29 UTC

An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.

CVE-2018-20128 usualtool vulnerability CVSS: 6.4 13 Dec 2018, 08:29 UTC

An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.

CVE-2018-18422 usualtool vulnerability CVSS: 6.8 17 Oct 2018, 04:29 UTC

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.