A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file…
VulDB·CWE-24·Published 2023-06-14
Es wurde eine Schwachstelle in OTCMS bis 6.62 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin/readDeal.php?mudi=readQrCode. Durch Manipulation des Arguments img mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.
Se ha encontrado una vulnerabilidad, clasificada como problemática, en OTCMS hasta la versión 6.62. Se ve afectada una función desconocida del archivo "admin/readDeal.php?mudi=readQrCode". La manipulación del argumento "img" conduce a un salto de ruta: "../filedir". El exploit ha sido revelado al público y puede ser utilizado. El identificador asignado a esta vulnerabilidad es: VDB-231510.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 2.7 | — | — | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| 2.0 | Primary | cve.org | 2.7 | — | — | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| 2.0 | Secondary | NVD | 2.7 | 5.1 | 2.9 | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| 3.0 | Primary | cve.org | 3.5 | — | — | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.0 | Primary | cve.org | 3.5 | — | — | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 3.5 | — | — | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 3.5 | — | — | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |