132 matches found
CVE-2023-6772 OTCMS ind_backstage.php sql injection
A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/indbackstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2023-6772 OTCMS ind_backstage.php sql injection
A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/indbackstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2023-6772
CVE-2023-6772 affects OTCMS 7.01; vulnerable component is an unknown function in /admin/ind_backstage.php where the sqlContent parameter enables SQL injection. Attack can be launched remotely and exploitation has been publicly disclosed. Documented impact is high (potential data exposure/integrit...
CVE-2023-3239
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be...
CVE-2023-3241
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be...
CVE-2023-3240
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2023-3240
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
Path traversal
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be...
Path traversal
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be...
Path traversal
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2023-3241
OTCMS up to version 6.62 contains a path traversal vulnerability in the file /admin/read.php?mudi=announContent via manipulation of the url parameter. Public exploit/abuse has been disclosed. Affected functionality is unknown, but the issue arises from improper handling of the url argument, enabl...
CVE-2023-3241 OTCMS path traversal
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be...
CVE-2023-3240 OTCMS usersNews_deal.php path traversal
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2023-3240
CVE-2023-3240 affects OTCMS up to version 6.62, involving an issue in the file usersNews_deal.php where manipulating the file parameter enables path traversal via '../filedir'. Public exploitation has been disclosed. The vulnerability is described as a path traversal exposure; no remediation deta...
CVE-2023-3240 OTCMS usersNews_deal.php path traversal
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2023-3239 OTCMS path traversal
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be...
CVE-2023-3239
CVE-2023-3239 affects OTCMS up to version 6.62. Affected is an unknown function in admin/readDeal.php?mudi=readQrCode; manipulating the img parameter can trigger path traversal to ../filedir. The vulnerability has been publicly disclosed. Multiple connected sources (Red Hat, PRION, PT Security, C...
CVE-2023-3238
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2023-3238
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2023-3237
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...