CVE Catalog

CVE-2023-3239

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.96%

57th percentile — higher than 57% of all known CVEs

Summary

A vulnerability was found in OTCMS up to version 6.62 that allows path traversal via manipulation of the img argument in the admin/readDeal.php?mudi=readQrCode file.

Risk Assessment

An attacker could gain access to unauthorized files in the system, potentially leading to the exposure of sensitive data.

Recommendation

It is recommended to update OTCMS to the latest version and secure the admin/readDeal.php file against unauthorized access.

Original NVD description (English source)

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS