CVE-2023-3237
6.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | OTCMS | 6.0 | affected |
| n/a | OTCMS | 6.1 | affected |
| n/a | OTCMS | 6.2 | affected |
| n/a | OTCMS | 6.3 | affected |
| n/a | OTCMS | 6.4 | affected |
| n/a | OTCMS | 6.5 | affected |
| n/a | OTCMS | 6.6 | affected |
| n/a | OTCMS | 6.7 | affected |
| n/a | OTCMS | 6.8 | affected |
| n/a | OTCMS | 6.9 | affected |
| n/a | OTCMS | 6.10 | affected |
| n/a | OTCMS | 6.11 | affected |
| n/a | OTCMS | 6.12 | affected |
| n/a | OTCMS | 6.13 | affected |
| n/a | OTCMS | 6.14 | affected |
| n/a | OTCMS | 6.15 | affected |
| n/a | OTCMS | 6.16 | affected |
| n/a | OTCMS | 6.17 | affected |
| n/a | OTCMS | 6.18 | affected |
| n/a | OTCMS | 6.19 | affected |
| n/a | OTCMS | 6.20 | affected |
| n/a | OTCMS | 6.21 | affected |
| n/a | OTCMS | 6.22 | affected |
| n/a | OTCMS | 6.23 | affected |
| n/a | OTCMS | 6.24 | affected |
| n/a | OTCMS | 6.25 | affected |
| n/a | OTCMS | 6.26 | affected |
| n/a | OTCMS | 6.27 | affected |
| n/a | OTCMS | 6.28 | affected |
| n/a | OTCMS | 6.29 | affected |
| n/a | OTCMS | 6.30 | affected |
| n/a | OTCMS | 6.31 | affected |
| n/a | OTCMS | 6.32 | affected |
| n/a | OTCMS | 6.33 | affected |
| n/a | OTCMS | 6.34 | affected |
| n/a | OTCMS | 6.35 | affected |
| n/a | OTCMS | 6.36 | affected |
| n/a | OTCMS | 6.37 | affected |
| n/a | OTCMS | 6.38 | affected |
| n/a | OTCMS | 6.39 | affected |
| n/a | OTCMS | 6.40 | affected |
| n/a | OTCMS | 6.41 | affected |
| n/a | OTCMS | 6.42 | affected |
| n/a | OTCMS | 6.43 | affected |
| n/a | OTCMS | 6.44 | affected |
| n/a | OTCMS | 6.45 | affected |
| n/a | OTCMS | 6.46 | affected |
| n/a | OTCMS | 6.47 | affected |
| n/a | OTCMS | 6.48 | affected |
| n/a | OTCMS | 6.49 | affected |
| n/a | OTCMS | 6.50 | affected |
| n/a | OTCMS | 6.51 | affected |
| n/a | OTCMS | 6.52 | affected |
| n/a | OTCMS | 6.53 | affected |
| n/a | OTCMS | 6.54 | affected |
| n/a | OTCMS | 6.55 | affected |
| n/a | OTCMS | 6.56 | affected |
| n/a | OTCMS | 6.57 | affected |
| n/a | OTCMS | 6.58 | affected |
| n/a | OTCMS | 6.59 | affected |
| n/a | OTCMS | 6.60 | affected |
| n/a | OTCMS | 6.61 | affected |
| n/a | OTCMS | 6.62 | affected |
Weaknesses
- CWE-259: CWE-259 Use of Hard-coded Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://vuldb.com/?id.231508
- https://vuldb.com/?ctiid.231508
- https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md
References
- https://vuldb.com/?id.231508
- https://vuldb.com/?ctiid.231508
- https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.