A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
References
Link | Resource |
---|---|
https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md | Exploit |
https://vuldb.com/?ctiid.231508 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.231508 | Third Party Advisory |
https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md | Exploit |
https://vuldb.com/?ctiid.231508 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.231508 | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.3 |
References | () https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md - Exploit | |
References | () https://vuldb.com/?ctiid.231508 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.231508 - Third Party Advisory |
23 Jun 2023, 13:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-798 | |
References | (MISC) https://vuldb.com/?id.231508 - Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.231508 - Permissions Required, Third Party Advisory | |
References | (MISC) https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md - Exploit | |
First Time |
Otcms otcms
Otcms |
|
CPE | cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:* |
14 Jun 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-14 08:15
Updated : 2024-11-21 08:16
NVD link : CVE-2023-3237
Mitre link : CVE-2023-3237
CVE.ORG link : CVE-2023-3237
JSON object : View
Products Affected
otcms
- otcms