132 matches found
CVE-2019-17370
CVE-2019-17370 affects OTCMS v3.85. The vulnerability arises because admin/sysCheckFile_deal.php blocks only into outfile in a SELECT, while bypassing with into/**/outfile, enabling an attacker to create a PHP file and achieve arbitrary PHP code execution. Connected sources corroborate this behav...
CVE-2019-17369
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
CVE-2019-17369
CVE-2019-17369 affects OTCMS v3.85. The vulnerability is a CSRF in the admin/member_deal.php admin panel page, enabling in‑application abuse such as creation of a new management group account (demonstrated by superadmin). The advisory details come from multiple connected sources (NVD/Red Hat/othe...
OTCMS cross-site scripting vulnerability (CNVD-2019-24208)
OTCMS Nettie CMS is an article-based web content management system CMS. A cross-site scripting vulnerability exists in OTCMS version 3.81. The vulnerability stems from the lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to execute...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
Cross site request forgery (csrf)
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...
CVE-2019-13971
OTCMS 3.81 contains a cross-site scripting (XSS) vulnerability in the web app: an XSS flaw via the mode parameter in apiRun.php?mudi=autoRun. Root cause is insufficient validation of client-side data, leading to possible execution of injected script. Affected component: OTCMS Web application; aff...
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
Code injection
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17364
CVE-2018-17364 affects OTCMS 3.61, where remote attackers can execute arbitrary PHP code via the accBackupDir parameter. Attack vector is network-based; exploitation details are not provided beyond the parameter abuse. Root cause: unvalidated/unsafe handling of accBackupDir allows code execution....
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...
Design/Logic Flaw
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...
Design/Logic Flaw
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
CVE-2018-17085
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName fieldName2 tabName...