CVE Catalog

CVE-2023-3240

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.96%

57th percentile — higher than 57% of all known CVEs

Summary

A vulnerability has been identified in OTCMS versions up to 6.62 that allows path traversal attacks through argument manipulation in the usersNews_deal.php file. Exploiting this vulnerability may lead to unauthorized access to system files.

Risk Assessment

Organizations using the vulnerable version of OTCMS may be exposed to unauthorized access to sensitive data, potentially leading to serious security breaches.

Recommendation

It is recommended to update OTCMS to the latest version to mitigate this vulnerability and to monitor systems for potential exploitation attempts.

Original NVD description (English source)

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS