CVE-2023-3241

Опубликовано: 14 июн. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 7.5

CVSS2: 2.7

EPSS Низкий

Описание

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512.

Ссылки

https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20read%20vulenrability%20via%20the%20filename.md
Exploit
https://vuldb.com/?ctiid.231512
Permissions Required
Third Party Advisory
https://vuldb.com/?id.231512
Third Party Advisory
https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20read%20vulenrability%20via%20the%20filename.md
Exploit
https://vuldb.com/?ctiid.231512
Permissions Required
Third Party Advisory
https://vuldb.com/?id.231512
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*

Версия до 6.62 (включая)

EPSS

Процентиль: 30%

0.00109

Низкий

3.5 Low

CVSS3

7.5 High

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-3hm8-869v-rr3v

CVSS3: 3.5

github

больше 2 лет назад

EPSS

Процентиль: 30%

0.00109

Низкий

3.5 Low

CVSS3

7.5 High

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-22