Browse all 5 CVE security advisories affecting HuangDou. AI-powered Chinese analysis, POCs, and references for each vulnerability.
HuangDou is a Chinese e-commerce platform facilitating online transactions between buyers and sellers. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure direct object references. The platform has faced security incidents involving data breaches exposing user credentials and personal information. Security assessments have revealed consistent weaknesses in authentication mechanisms and session management, leading to unauthorized account access. While HuangDou has implemented patches for identified CVEs, the recurring nature of certain vulnerability classes suggests ongoing challenges in secure development practices and code review processes.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9402 | HuangDou UTCMS Config update.php server-side request forgery — UTCMS, CWE-918 | 4.7 | Medium | 2025-08-25 |
| CVE-2025-9401 | HuangDou UTCMS Login login.php comparison — UTCMS, CWE-697 | 3.7 | Low | 2025-08-25 |
| CVE-2024-9918 | HuangDou UTCMS sql.php RunSql sql injection — UTCMS, CWE-89 | 4.7 | Medium | 2024-10-13 |
| CVE-2024-9917 | HuangDou UTCMS template_creat.php deserialization — UTCMS, CWE-502 | 6.3 | Medium | 2024-10-13 |
| CVE-2024-9916 | HuangDou UTCMS cli.php os command injection — UTCMS, CWE-78 | 7.3 | High | 2024-10-13 |

This page lists every published CVE security advisory associated with HuangDou. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.