132 matches found
CVE-2023-1635
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...
CVE-2023-1634
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2023-1634
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
Server side request forgery (ssrf)
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
Cross site scripting
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...
CVE-2023-1635 OTCMS apiRun.php AutoRun cross site scripting
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...
CVE-2023-1635
CVE-2023-1635 affects OTCMS 6.72. The vulnerability is in the function AutoRun of the file apiRun.php, where manipulating the argument mode leads to a cross-site scripting (XSS) condition. The issue can be exploited remotely (network vector) and requires user interaction to trigger per the report...
CVE-2023-1635 OTCMS apiRun.php AutoRun cross site scripting
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...
CVE-2023-1634 OTCMS URL Parameter info_deal.php UseCurl server-side request forgery
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2023-1634
CVE-2023-1634 affects OTCMS 6.72, specifically the UseCurl function in the URL Parameter Handler (/admin/info_deal.php). The vulnerability enables server-side request forgery (SSRF) and can be exploited remotely; the exploit has been publicly disclosed. Impact is described as high/critical in dif...
Command Execution Vulnerability in OTCMS (PHP Version)
Nettitanium CMS OTCMS PHP version based on PHP sqlite/mysql technical architecture, UTF-8 coding, not only can be applied to a wide range of news/article publishing type of website, but also applicable to corporate websites. A command execution vulnerability exists in OTCMS PHP version, which can...
XSS Vulnerability in Nethub CMS PHP Version
OTCMS Nettie CMS is an article-based web content management system CMS. An XSS vulnerability exists in the PHP version of OTCMS, which can be exploited by attackers to obtain an administrator cookie...
Backup File Download Vulnerability in OTCMS
OTCMS Nettie CMS is an article-based web content management system CMS. OTCMS has a database backup file download vulnerability, which can be exploited by an attacker to obtain the database backup file by generating a logical error in the backup file name part...
Arbitrary File Deletion Vulnerability in OTCMS
OTCMS PHP version is a news/article publishing website using PHP+sqlite/mysql. OTCMS PHP Edition v5.60 tede.php file contains an arbitrary file deletion vulnerability. An attacker can exploit this vulnerability to delete any file in the root directory of the website, resulting in a system...
CVE-2019-17370
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...
CVE-2019-17370
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...
Code injection
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...
CVE-2019-17369
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
Cross site request forgery (csrf)
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
CVE-2019-17370
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...