132 matches found
CVE-2023-3237
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
Hardcoded credentials
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
Server side request forgery (ssrf)
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2023-3238 OTCMS server-side request forgery
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2023-3238 OTCMS server-side request forgery
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2023-3238
OTCMS up to 6.62 contains a server-side request forgery (SSRF) vulnerability in the /admin/read.php?mudi=getSignal endpoint. The manipulation of the signalUrl parameter allows remote exploitation, as described in CVE-2023-3238 and corroborated by multiple sources. Impact is described as critical ...
CVE-2023-3237 OTCMS hard-coded password
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
CVE-2023-3237
Summary (CVE-2023-3237): OTCMS versions up to 6.62 are affected by a vulnerability where credential handling allows a hard-coded password when the input is the admin username/password. This stems from vulnerable code paths that can be triggered during authentication and has been publicly disclose...
CVE-2023-3237 OTCMS hard-coded password
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
OTCMS 代码问题漏洞
OTCMS Nettie CMS is an article-based web content management system CMS. A code issue vulnerability exists in OTCMS versions prior to 6.62, which stems from a server-side request forgery due to misuse of the signalUrl parameter...
PT-2023-23762 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue has been found in OTCMS, affecting the processing of the file /admin/read.php?mudi=getSignal. The manipulation of the signalUrl argument leads to server-side request forgery. This issue...
PT-2023-23754 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue was discovered, affecting unknown code. The manipulation of the username and password arguments with the input admin leads to the use of a hard-coded password. Recommendations: For OTCMS...
OTCMS 信任管理问题漏洞
OTCMS Nettie CMS is a content management system CMS for article-based websites. A security vulnerability exists in OTCMS versions prior to 6.62 that stems from the use of hard-coded passwords...
CVE-2023-1797
A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...
Out-of-bounds
A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...
CVE-2023-1797
Summary: OTCMS 6.0.1 contains a critical vulnerability in the sysCheckFile.php?mudi=sql functionality that allows unrestricted file uploads. The root cause is an absence of upload restrictions in that function, enabling a remote attacker to upload arbitrary files and potentially execute code. The...
CVE-2023-1797 OTCMS unrestricted upload
A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...
OTCMS 代码问题漏洞
OTCMS Nettie CMS is an article-based web content management system CMS. A security vulnerability exists in OTCMS version 6.0.1, which originates from an unknown function in the file sysCheckFile.php?mudi=sql, resulting in unrestricted uploads...
PT-2023-2274 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS version 6.0.1 Description: A critical vulnerability was found in OTCMS, related to the absence of restrictions on file uploads. This issue affects an unknown functionality of the file sysCheckFile.php, where the mudi parameter is set to...
CVE-2023-1635
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...