Skip to main content

Otcms

17 CVEs product

Monthly

CVE-2024-57252 MEDIUM Monitor

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Otcms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6772 HIGH POC This Week

A vulnerability, which was classified as critical, was found in OTCMS 7.01. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Otcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-3241 HIGH POC This Week

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3240 MEDIUM POC This Month

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-3239 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3238 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3237 CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS up to 6.62. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1797 CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS 6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Otcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1635 MEDIUM POC This Month

A vulnerability was found in OTCMS 6.72. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Otcms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1634 CRITICAL POC Act Now

A vulnerability was found in OTCMS 6.72. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-17370 HIGH POC This Week

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP Otcms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2019-17369 MEDIUM POC This Month

OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Otcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-13971 MEDIUM POC This Month

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-17364 HIGH POC This Week

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Otcms
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-17086 MEDIUM POC This Month

An issue was discovered in OTCMS 3.61. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17085 MEDIUM POC This Month

An issue was discovered in OTCMS 3.61. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8973 MEDIUM POC This Month

OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
EPSS 0% CVSS 4.3
MEDIUM Monitor

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Otcms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability, which was classified as critical, was found in OTCMS 7.01. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Otcms
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS up to 6.62. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Otcms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS 6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Otcms
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A vulnerability was found in OTCMS 6.72. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Otcms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in OTCMS 6.72. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
EPSS 2% CVSS 7.2
HIGH POC This Week

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Otcms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in OTCMS 3.61. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in OTCMS 3.61. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy