CVE-2023-3240
LowCVSS 3.5Exploitation Probability (EPSS)
Elevated risk57th percentile — higher than 57% of all known CVEs
Summary
A vulnerability has been identified in OTCMS versions up to 6.62 that allows path traversal attacks through argument manipulation in the usersNews_deal.php file. Exploiting this vulnerability may lead to unauthorized access to system files.
Risk Assessment
Organizations using the vulnerable version of OTCMS may be exposed to unauthorized access to sensitive data, potentially leading to serious security breaches.
Recommendation
It is recommended to update OTCMS to the latest version to mitigate this vulnerability and to monitor systems for potential exploitation attempts.
Original NVD description (English source)
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.

