CVE-2023-3239
LowCVSS 3.5Exploitation Probability (EPSS)
Elevated risk57th percentile — higher than 57% of all known CVEs
Summary
A vulnerability was found in OTCMS up to version 6.62 that allows path traversal via manipulation of the img argument in the admin/readDeal.php?mudi=readQrCode file.
Risk Assessment
An attacker could gain access to unauthorized files in the system, potentially leading to the exposure of sensitive data.
Recommendation
It is recommended to update OTCMS to the latest version and secure the admin/readDeal.php file against unauthorized access.
Original NVD description (English source)
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.

