{
"data_version" : "4.0" ,
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2023-3239" ,
"ASSIGNER" : "cna@vuldb.com" ,
"STATE" : "PUBLIC"
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "A vulnerability classified as problematic was found in OTCMS up to 6.62. It affects an unknown function of the file admin/readDeal.php?mudi=readQrCode. Manipulation of the argument img leads to path traversal: '../filedir' (CWE-24). The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability."
} ,
{
"lang" : "deu" ,
"value" : "Es wurde eine Schwachstelle in OTCMS bis 6.62 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin/readDeal.php?mudi=readQrCode. Durch Manipulation des Arguments img mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-24 Path Traversal: '../filedir'" ,
"cweId" : "CWE-24"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "n/a" ,
"product" : {
"product_data" : [
{
"product_name" : "OTCMS" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "6.0"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.6"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.7"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.8"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.9"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.10"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.11"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.12"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.13"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.14"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.15"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.16"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.17"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.18"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.19"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.20"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.21"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.22"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.23"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.24"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.25"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.26"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.27"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.28"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.29"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.30"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.31"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.32"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.33"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.34"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.35"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.36"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.37"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.38"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.39"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.40"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.41"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.42"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.43"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.44"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.45"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.46"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.47"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.48"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.49"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.50"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.51"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.52"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.53"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.54"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.55"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.56"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.57"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.58"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.59"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.60"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.61"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.62"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://vuldb.com/?id.231510" ,
"refsource" : "MISC" ,
"name" : "https://vuldb.com/?id.231510"
} ,
{
"url" : "https://vuldb.com/?ctiid.231510" ,
"refsource" : "MISC" ,
"name" : "https://vuldb.com/?ctiid.231510"
} ,
{
"url" : "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md" ,
"refsource" : "MISC" ,
"name" : "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md"
}
]
} ,
"credits" : [
{
"lang" : "en" ,
"value" : "p0ison (VulDB User)"
}
] ,
"impact" : {
"cvss" : [
{
"version" : "3.1" ,
"baseScore" : 3.5 ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"baseSeverity" : "LOW"
} ,
{
"version" : "3.0" ,
"baseScore" : 3.5 ,
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"baseSeverity" : "LOW"
} ,
{
"version" : "2.0" ,
"baseScore" : 2.7 ,
"vectorString" : "AV:A/AC:L/Au:S/C:P/I:N/A:N"
}
]
}
}