CVE Catalog

CVE-2023-3241

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.96%

57th percentile — higher than 57% of all known CVEs

Summary

A vulnerability was found in OTCMS up to version 6.62 that allows path traversal through manipulation of the url argument in the file /admin/read.php?mudi=announContent.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to system files, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update OTCMS to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS