Lucene search
K

132 matches found

CVE
CVE
added 2019/10/09 11:4 a.m.42 views

CVE-2019-17370

CVE-2019-17370 affects OTCMS v3.85. The vulnerability arises because admin/sysCheckFile_deal.php blocks only into outfile in a SELECT, while bypassing with into/**/outfile, enabling an attacker to create a PHP file and achieve arbitrary PHP code execution. Connected sources corroborate this behav...

7.2CVSS7.1AI score0.02071EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/09 10:55 a.m.14 views

CVE-2019-17369

OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...

6.5AI score0.00515EPSS
Exploits1References1
CVE
CVE
added 2019/10/09 10:55 a.m.34 views

CVE-2019-17369

CVE-2019-17369 affects OTCMS v3.85. The vulnerability is a CSRF in the admin/member_deal.php admin panel page, enabling in‑application abuse such as creation of a new management group account (demonstrated by superadmin). The advisory details come from multiple connected sources (NVD/Red Hat/othe...

6.5CVSS6.4AI score0.00515EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/07/24 12:0 a.m.2 views

OTCMS cross-site scripting vulnerability (CNVD-2019-24208)

OTCMS Nettie CMS is an article-based web content management system CMS. A cross-site scripting vulnerability exists in OTCMS version 3.81. The vulnerability stems from the lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to execute...

6.1CVSS6.4AI score0.00848EPSS
Exploits1References1
OSV
OSV
added 2019/07/19 7:15 a.m.3 views

CVE-2019-13971

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...

6.1CVSS6.3AI score0.00848EPSS
Exploits1References1
NVD
NVD
added 2019/07/19 7:15 a.m.21 views

CVE-2019-13971

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...

6.1CVSS6AI score0.00848EPSS
Exploits1References1
Prion
Prion
added 2019/07/19 7:15 a.m.16 views

Cross site request forgery (csrf)

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...

4.3CVSS5.9AI score0.00848EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/19 6:7 a.m.21 views

CVE-2019-13971

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...

6AI score0.00848EPSS
Exploits1References1
CVE
CVE
added 2019/07/19 6:7 a.m.38 views

CVE-2019-13971

OTCMS 3.81 contains a cross-site scripting (XSS) vulnerability in the web app: an XSS flaw via the mode parameter in apiRun.php?mudi=autoRun. Root cause is insufficient validation of client-side data, leading to possible execution of injected script. Affected component: OTCMS Web application; aff...

6.1CVSS5.9AI score0.00848EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/09/23 6:29 p.m.20 views

CVE-2018-17364

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...

8.1CVSS8.5AI score0.00879EPSS
Exploits1References1
Prion
Prion
added 2018/09/23 6:29 p.m.16 views

Code injection

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...

6.8CVSS8.4AI score0.00879EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/09/23 6:29 p.m.3 views

CVE-2018-17364

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...

8.1CVSS6.1AI score0.00879EPSS
Exploits1References1
CVE
CVE
added 2018/09/23 6:0 p.m.37 views

CVE-2018-17364

CVE-2018-17364 affects OTCMS 3.61, where remote attackers can execute arbitrary PHP code via the accBackupDir parameter. Attack vector is network-based; exploitation details are not provided beyond the parameter abuse. Root cause: unvalidated/unsafe handling of accBackupDir allows code execution....

8.1CVSS8.4AI score0.00879EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/23 6:0 p.m.19 views

CVE-2018-17364

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...

8.5AI score0.00879EPSS
Exploits1References1
NVD
NVD
added 2018/09/16 5:29 p.m.18 views

CVE-2018-17086

An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...

6.1CVSS6AI score0.00692EPSS
Exploits1References1
Prion
Prion
added 2018/09/16 5:29 p.m.11 views

Design/Logic Flaw

An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...

4.3CVSS6AI score0.00692EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/09/16 5:29 p.m.6 views

CVE-2018-17086

An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...

6.1CVSS5.8AI score0.00692EPSS
Exploits1References1
Prion
Prion
added 2018/09/16 5:29 p.m.15 views

Design/Logic Flaw

An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...

4.3CVSS6AI score0.00692EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/09/16 5:29 p.m.18 views

CVE-2018-17085

An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...

6.1CVSS6AI score0.00692EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/16 5:0 p.m.17 views

CVE-2018-17086

An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...

6.1AI score0.00692EPSS
Exploits1References1
Rows per page
Query Builder