CVE-2023-1797
Summary: OTCMS 6.0.1 contains a critical vulnerability in the sysCheckFile.php?mudi=sql functionality that allows unrestricted file uploads. The root cause is an absence of upload restrictions in that function, enabling a remote attacker to upload arbitrary files and potentially execute code. The...