Skip to main content

Otter

3 CVEs product

Monthly

CVE-2023-2288 HIGH POC THREAT This Week

The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Otter
NVD WPScan
CVSS 3.1
8.8
EPSS
18.0%
CVE-2017-17086 CRITICAL Act Now

Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Otter
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-15607 CRITICAL Act Now

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Otter
NVD
CVSS 3.0
9.8
EPSS
0.5%
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization +1
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL Act Now

Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Otter
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Otter
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy