132 matches found
CVE-2019-17370
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...
CVE-2019-17369
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
CVE-2019-17369
CVE-2019-17369 affects OTCMS v3.85. The vulnerability is a CSRF in the admin/member_deal.php admin panel page, enabling in‑application abuse such as creation of a new management group account (demonstrated by superadmin). The advisory details come from multiple connected sources (NVD/Red Hat/othe...
OTCMS cross-site scripting vulnerability (CNVD-2019-24208)
OTCMS Nettie CMS is an article-based web content management system CMS. A cross-site scripting vulnerability exists in OTCMS version 3.81. The vulnerability stems from the lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to execute...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
Cross site request forgery (csrf)
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
CVE-2019-13971
OTCMS 3.81 contains a cross-site scripting (XSS) vulnerability in the web app: an XSS flaw via the mode parameter in apiRun.php?mudi=autoRun. Root cause is insufficient validation of client-side data, leading to possible execution of injected script. Affected component: OTCMS Web application; aff...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
Code injection
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17364
CVE-2018-17364 affects OTCMS 3.61, where remote attackers can execute arbitrary PHP code via the accBackupDir parameter. Attack vector is network-based; exploitation details are not provided beyond the parameter abuse. Root cause: unvalidated/unsafe handling of accBackupDir allows code execution....
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...
Design/Logic Flaw
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...
CVE-2018-17085
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
Design/Logic Flaw
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...