Otcms
CVE-2023-3237
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
AnalysisAI
A vulnerability classified as critical was found in OTCMS up to 6.62. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-259. A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. Affected products include: Otcms. Version information: up to 6.62..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical
A vulnerability classified as critical was found in OTCMS 6.0.1. Rated critical severity (CVSS 9.8), this vulnerability
A vulnerability was found in OTCMS 6.72. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. Rated high severity (CV
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Rated high severity (CVSS 7.5), this vulner
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Rated high severity (CVSS 7.5), thi
A vulnerability, which was classified as critical, was found in OTCMS 7.01. Rated high severity (CVSS 7.2), this vulnera
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT st
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Rated medium severity (CVSS 6.5), this
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group accoun
A vulnerability was found in OTCMS 6.72. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, n
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. Rated medium severity (CVSS 6.1), th
Same weakness CWE-259 – Use of Hard-coded Password
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today