CVE-2023-3240

Summary

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.

Affected Software

VendorProductVersion RangeStatus
n/aOTCMS6.0affected
n/aOTCMS6.1affected
n/aOTCMS6.2affected
n/aOTCMS6.3affected
n/aOTCMS6.4affected
n/aOTCMS6.5affected
n/aOTCMS6.6affected
n/aOTCMS6.7affected
n/aOTCMS6.8affected
n/aOTCMS6.9affected
n/aOTCMS6.10affected
n/aOTCMS6.11affected
n/aOTCMS6.12affected
n/aOTCMS6.13affected
n/aOTCMS6.14affected
n/aOTCMS6.15affected
n/aOTCMS6.16affected
n/aOTCMS6.17affected
n/aOTCMS6.18affected
n/aOTCMS6.19affected
n/aOTCMS6.20affected
n/aOTCMS6.21affected
n/aOTCMS6.22affected
n/aOTCMS6.23affected
n/aOTCMS6.24affected
n/aOTCMS6.25affected
n/aOTCMS6.26affected
n/aOTCMS6.27affected
n/aOTCMS6.28affected
n/aOTCMS6.29affected
n/aOTCMS6.30affected
n/aOTCMS6.31affected
n/aOTCMS6.32affected
n/aOTCMS6.33affected
n/aOTCMS6.34affected
n/aOTCMS6.35affected
n/aOTCMS6.36affected
n/aOTCMS6.37affected
n/aOTCMS6.38affected
n/aOTCMS6.39affected
n/aOTCMS6.40affected
n/aOTCMS6.41affected
n/aOTCMS6.42affected
n/aOTCMS6.43affected
n/aOTCMS6.44affected
n/aOTCMS6.45affected
n/aOTCMS6.46affected
n/aOTCMS6.47affected
n/aOTCMS6.48affected
n/aOTCMS6.49affected
n/aOTCMS6.50affected
n/aOTCMS6.51affected
n/aOTCMS6.52affected
n/aOTCMS6.53affected
n/aOTCMS6.54affected
n/aOTCMS6.55affected
n/aOTCMS6.56affected
n/aOTCMS6.57affected
n/aOTCMS6.58affected
n/aOTCMS6.59affected
n/aOTCMS6.60affected
n/aOTCMS6.61affected
n/aOTCMS6.62affected

Weaknesses

  • CWE-24: CWE-24 Path Traversal: '../filedir'

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References