CVE-2023-3237

Опубликовано: 14 июн. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.

Ссылки

https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md
Exploit
https://vuldb.com/?ctiid.231508
Permissions Required
Third Party Advisory
https://vuldb.com/?id.231508
Third Party Advisory
https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md
Exploit
https://vuldb.com/?ctiid.231508
Permissions Required
Third Party Advisory
https://vuldb.com/?id.231508
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*

Версия до 6.62 (включая)

EPSS

Процентиль: 21%

0.00067

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-259

CWE-798

Связанные уязвимости

GHSA-7j24-g426-8q4g

CVSS3: 6.3

github

больше 2 лет назад

EPSS

Процентиль: 21%

0.00067

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-259

CWE-798