CVE-2023-3240
3.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | OTCMS | 6.0 | affected |
| n/a | OTCMS | 6.1 | affected |
| n/a | OTCMS | 6.2 | affected |
| n/a | OTCMS | 6.3 | affected |
| n/a | OTCMS | 6.4 | affected |
| n/a | OTCMS | 6.5 | affected |
| n/a | OTCMS | 6.6 | affected |
| n/a | OTCMS | 6.7 | affected |
| n/a | OTCMS | 6.8 | affected |
| n/a | OTCMS | 6.9 | affected |
| n/a | OTCMS | 6.10 | affected |
| n/a | OTCMS | 6.11 | affected |
| n/a | OTCMS | 6.12 | affected |
| n/a | OTCMS | 6.13 | affected |
| n/a | OTCMS | 6.14 | affected |
| n/a | OTCMS | 6.15 | affected |
| n/a | OTCMS | 6.16 | affected |
| n/a | OTCMS | 6.17 | affected |
| n/a | OTCMS | 6.18 | affected |
| n/a | OTCMS | 6.19 | affected |
| n/a | OTCMS | 6.20 | affected |
| n/a | OTCMS | 6.21 | affected |
| n/a | OTCMS | 6.22 | affected |
| n/a | OTCMS | 6.23 | affected |
| n/a | OTCMS | 6.24 | affected |
| n/a | OTCMS | 6.25 | affected |
| n/a | OTCMS | 6.26 | affected |
| n/a | OTCMS | 6.27 | affected |
| n/a | OTCMS | 6.28 | affected |
| n/a | OTCMS | 6.29 | affected |
| n/a | OTCMS | 6.30 | affected |
| n/a | OTCMS | 6.31 | affected |
| n/a | OTCMS | 6.32 | affected |
| n/a | OTCMS | 6.33 | affected |
| n/a | OTCMS | 6.34 | affected |
| n/a | OTCMS | 6.35 | affected |
| n/a | OTCMS | 6.36 | affected |
| n/a | OTCMS | 6.37 | affected |
| n/a | OTCMS | 6.38 | affected |
| n/a | OTCMS | 6.39 | affected |
| n/a | OTCMS | 6.40 | affected |
| n/a | OTCMS | 6.41 | affected |
| n/a | OTCMS | 6.42 | affected |
| n/a | OTCMS | 6.43 | affected |
| n/a | OTCMS | 6.44 | affected |
| n/a | OTCMS | 6.45 | affected |
| n/a | OTCMS | 6.46 | affected |
| n/a | OTCMS | 6.47 | affected |
| n/a | OTCMS | 6.48 | affected |
| n/a | OTCMS | 6.49 | affected |
| n/a | OTCMS | 6.50 | affected |
| n/a | OTCMS | 6.51 | affected |
| n/a | OTCMS | 6.52 | affected |
| n/a | OTCMS | 6.53 | affected |
| n/a | OTCMS | 6.54 | affected |
| n/a | OTCMS | 6.55 | affected |
| n/a | OTCMS | 6.56 | affected |
| n/a | OTCMS | 6.57 | affected |
| n/a | OTCMS | 6.58 | affected |
| n/a | OTCMS | 6.59 | affected |
| n/a | OTCMS | 6.60 | affected |
| n/a | OTCMS | 6.61 | affected |
| n/a | OTCMS | 6.62 | affected |
Weaknesses
- CWE-24: CWE-24 Path Traversal: '../filedir'
ADP Enrichment
CVE Program Container
Additional References
- https://vuldb.com/?id.231511
- https://vuldb.com/?ctiid.231511
- https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.231511
- https://vuldb.com/?ctiid.231511
- https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.