Otcms >> Otcms >> 3.20: Security Vulnerabilities

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which allows arbitrary system files to be read.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2025-01-17

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2023-06-14

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2023-06-14

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2023-06-14

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
CVSS Score: 6.3
EPSS Score: 0.001
Published: 2023-06-14

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability.
CVSS Score: 6.3
EPSS Score: 0.001
Published: 2023-06-14

OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-03-24

