CVE-2023-3237

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
Configurations

Configuration 1 (hide)

cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:16

Type Values Removed Values Added
CVSS v2 : 5.8
v3 : 9.8
v2 : 5.8
v3 : 6.3
References () https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md - Exploit () https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md - Exploit
References () https://vuldb.com/?ctiid.231508 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.231508 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.231508 - Third Party Advisory () https://vuldb.com/?id.231508 - Third Party Advisory

23 Jun 2023, 13:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-259 CWE-798
References (MISC) https://vuldb.com/?id.231508 - (MISC) https://vuldb.com/?id.231508 - Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.231508 - (MISC) https://vuldb.com/?ctiid.231508 - Permissions Required, Third Party Advisory
References (MISC) https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md - (MISC) https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md - Exploit
First Time Otcms otcms
Otcms
CPE cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*

14 Jun 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-14 08:15

Updated : 2024-11-21 08:16


NVD link : CVE-2023-3237

Mitre link : CVE-2023-3237

CVE.ORG link : CVE-2023-3237


JSON object : View

Products Affected

otcms

  • otcms
CWE
CWE-259

Use of Hard-coded Password

CWE-798

Use of Hard-coded Credentials