Lucene search
K

132 matches found

NVD
NVD
added 2023/03/25 7:15 p.m.23 views

CVE-2023-1635

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...

6.1CVSS4.5AI score0.00617EPSS
Exploits1References3
NVD
NVD
added 2023/03/25 7:15 p.m.20 views

CVE-2023-1634

A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

9.8CVSS7.2AI score0.00744EPSS
Exploits1References3
OSV
OSV
added 2023/03/25 7:15 p.m.3 views

CVE-2023-1634

A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

9.8CVSS6.2AI score0.00744EPSS
Exploits1References3
Prion
Prion
added 2023/03/25 7:15 p.m.12 views

Server side request forgery (ssrf)

A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS9.5AI score0.00744EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/03/25 7:15 p.m.17 views

Cross site scripting

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...

4CVSS6AI score0.00617EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/03/25 7:0 p.m.33 views

CVE-2023-1635 OTCMS apiRun.php AutoRun cross site scripting

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...

4CVSS6.2AI score0.00617EPSS
Exploits1References3
CVE
CVE
added 2023/03/25 7:0 p.m.45 views

CVE-2023-1635

CVE-2023-1635 affects OTCMS 6.72. The vulnerability is in the function AutoRun of the file apiRun.php, where manipulating the argument mode leads to a cross-site scripting (XSS) condition. The issue can be exploited remotely (network vector) and requires user interaction to trigger per the report...

6.1CVSS4.8AI score0.00617EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/25 7:0 p.m.4 views

CVE-2023-1635 OTCMS apiRun.php AutoRun cross site scripting

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...

4CVSS6.1AI score0.00617EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/25 6:31 p.m.29 views

CVE-2023-1634 OTCMS URL Parameter info_deal.php UseCurl server-side request forgery

A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS9.8AI score0.00744EPSS
Exploits1References3
CVE
CVE
added 2023/03/25 6:31 p.m.45 views

CVE-2023-1634

CVE-2023-1634 affects OTCMS 6.72, specifically the UseCurl function in the URL Parameter Handler (/admin/info_deal.php). The vulnerability enables server-side request forgery (SSRF) and can be exploited remotely; the exploit has been publicly disclosed. Impact is described as high/critical in dif...

9.8CVSS8.1AI score0.00744EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/06/30 12:0 a.m.16 views

Command Execution Vulnerability in OTCMS (PHP Version)

Nettitanium CMS OTCMS PHP version based on PHP sqlite/mysql technical architecture, UTF-8 coding, not only can be applied to a wide range of news/article publishing type of website, but also applicable to corporate websites. A command execution vulnerability exists in OTCMS PHP version, which can...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/03/25 12:0 a.m.1 views

XSS Vulnerability in Nethub CMS PHP Version

OTCMS Nettie CMS is an article-based web content management system CMS. An XSS vulnerability exists in the PHP version of OTCMS, which can be exploited by attackers to obtain an administrator cookie...

6.1AI score
Exploits0
CNVD
CNVD
added 2020/12/01 12:0 a.m.3 views

Backup File Download Vulnerability in OTCMS

OTCMS Nettie CMS is an article-based web content management system CMS. OTCMS has a database backup file download vulnerability, which can be exploited by an attacker to obtain the database backup file by generating a logical error in the backup file name part...

6.9AI score
Exploits0
CNVD
CNVD
added 2020/12/01 12:0 a.m.3 views

Arbitrary File Deletion Vulnerability in OTCMS

OTCMS PHP version is a news/article publishing website using PHP+sqlite/mysql. OTCMS PHP Edition v5.60 tede.php file contains an arbitrary file deletion vulnerability. An attacker can exploit this vulnerability to delete any file in the root directory of the website, resulting in a system...

7.2AI score
Exploits0
NVD
NVD
added 2019/10/09 12:15 p.m.16 views

CVE-2019-17370

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

7.2CVSS7.2AI score0.02071EPSS
Exploits1References1
OSV
OSV
added 2019/10/09 12:15 p.m.3 views

CVE-2019-17370

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

7.2CVSS7.2AI score0.02071EPSS
Exploits1References1
Prion
Prion
added 2019/10/09 12:15 p.m.12 views

Code injection

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

6.5CVSS7.2AI score0.02071EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/10/09 11:15 a.m.11 views

CVE-2019-17369

OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...

6.5CVSS6.5AI score0.00515EPSS
Exploits1References1
Prion
Prion
added 2019/10/09 11:15 a.m.13 views

Cross site request forgery (csrf)

OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...

4.3CVSS6.4AI score0.00515EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/09 11:4 a.m.20 views

CVE-2019-17370

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

7.2AI score0.02071EPSS
Exploits1References1
Rows per page
Query Builder