Lucene search
K

132 matches found

NVD
NVD
added 2023/06/14 8:15 a.m.25 views

CVE-2023-3237

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

9.8CVSS7.2AI score0.00932EPSS
Exploits1References3
Prion
Prion
added 2023/06/14 8:15 a.m.22 views

Hardcoded credentials

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

5.8CVSS9.4AI score0.00932EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/06/14 8:15 a.m.17 views

Server side request forgery (ssrf)

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS9.5AI score0.00738EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/14 8:0 a.m.18 views

CVE-2023-3238 OTCMS server-side request forgery

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS9.8AI score0.00738EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/14 8:0 a.m.8 views

CVE-2023-3238 OTCMS server-side request forgery

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS9.6AI score0.00738EPSS
Exploits1References3
CVE
CVE
added 2023/06/14 8:0 a.m.42 views

CVE-2023-3238

OTCMS up to 6.62 contains a server-side request forgery (SSRF) vulnerability in the /admin/read.php?mudi=getSignal endpoint. The manipulation of the signalUrl parameter allows remote exploitation, as described in CVE-2023-3238 and corroborated by multiple sources. Impact is described as critical ...

9.8CVSS8.1AI score0.00738EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/14 7:31 a.m.14 views

CVE-2023-3237 OTCMS hard-coded password

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

6.3CVSS6.9AI score0.00932EPSS
Exploits1References3
CVE
CVE
added 2023/06/14 7:31 a.m.63 views

CVE-2023-3237

Summary (CVE-2023-3237): OTCMS versions up to 6.62 are affected by a vulnerability where credential handling allows a hard-coded password when the input is the admin username/password. This stems from vulnerable code paths that can be triggered during authentication and has been publicly disclose...

9.8CVSS7.2AI score0.00932EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/14 7:31 a.m.29 views

CVE-2023-3237 OTCMS hard-coded password

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

6.3CVSS9.7AI score0.00932EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.4 views

OTCMS 代码问题漏洞

OTCMS Nettie CMS is an article-based web content management system CMS. A code issue vulnerability exists in OTCMS versions prior to 6.62, which stems from a server-side request forgery due to misuse of the signalUrl parameter...

9.8CVSS7AI score0.00738EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.4 views

PT-2023-23762 · Otcms · Otcms

Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue has been found in OTCMS, affecting the processing of the file /admin/read.php?mudi=getSignal. The manipulation of the signalUrl argument leads to server-side request forgery. This issue...

9.8CVSS6.6AI score0.00738EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.15 views

PT-2023-23754 · Otcms · Otcms

Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue was discovered, affecting unknown code. The manipulation of the username and password arguments with the input admin leads to the use of a hard-coded password. Recommendations: For OTCMS...

9.8CVSS6.7AI score0.00932EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.14 views

OTCMS 信任管理问题漏洞

OTCMS Nettie CMS is a content management system CMS for article-based websites. A security vulnerability exists in OTCMS versions prior to 6.62 that stems from the use of hard-coded passwords...

9.8CVSS6.9AI score0.00932EPSS
Exploits1References3
NVD
NVD
added 2023/04/02 10:15 a.m.19 views

CVE-2023-1797

A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...

9.8CVSS7.2AI score0.00873EPSS
Exploits1References3
Prion
Prion
added 2023/04/02 10:15 a.m.23 views

Out-of-bounds

A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...

6.5CVSS9.5AI score0.00873EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/04/02 9:0 a.m.58 views

CVE-2023-1797

Summary: OTCMS 6.0.1 contains a critical vulnerability in the sysCheckFile.php?mudi=sql functionality that allows unrestricted file uploads. The root cause is an absence of upload restrictions in that function, enabling a remote attacker to upload arbitrary files and potentially execute code. The...

9.8CVSS8.1AI score0.00873EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/04/02 9:0 a.m.34 views

CVE-2023-1797 OTCMS unrestricted upload

A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...

6.5CVSS9.8AI score0.00873EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/02 12:0 a.m.5 views

OTCMS 代码问题漏洞

OTCMS Nettie CMS is an article-based web content management system CMS. A security vulnerability exists in OTCMS version 6.0.1, which originates from an unknown function in the file sysCheckFile.php?mudi=sql, resulting in unrestricted uploads...

9.8CVSS6.9AI score0.00873EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/02 12:0 a.m.8 views

PT-2023-2274 · Otcms · Otcms

Name of the Vulnerable Software and Affected Versions: OTCMS version 6.0.1 Description: A critical vulnerability was found in OTCMS, related to the absence of restrictions on file uploads. This issue affects an unknown functionality of the file sysCheckFile.php, where the mudi parameter is set to...

9.8CVSS8AI score0.00873EPSS
Exploits1References8
OSV
OSV
added 2023/03/25 7:15 p.m.3 views

CVE-2023-1635

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...

6.1CVSS3.8AI score0.00617EPSS
Exploits1References3
Rows per page
Query Builder