CVE-2023-3239

Опубликовано: 14 июн. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 7.5

CVSS2: 2.7

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md
Exploit
https://vuldb.com/?ctiid.231510
Permissions Required
Third Party Advisory
https://vuldb.com/?id.231510
Third Party Advisory
https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md
Exploit
https://vuldb.com/?ctiid.231510
Permissions Required
Third Party Advisory
https://vuldb.com/?id.231510
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*

Версия до 6.62 (включая)

EPSS

Процентиль: 30%

0.00109

Низкий

3.5 Low

CVSS3

7.5 High

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-24

Связанные уязвимости

GHSA-8hx5-p84q-7qhg

CVSS3: 3.5

github

больше 2 лет назад

EPSS

Процентиль: 30%

0.00109

Низкий

3.5 Low

CVSS3

7.5 High

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-24