A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown function of the file usersNews_deal.php. The manipulation of the argument file with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-24. The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. As an impact it is known to affect confidentiality.

The weakness was released 06/14/2023. It is possible to read the advisory at github.com. This vulnerability is known as CVE-2023-3240. Technical details and also a public exploit are known. The attack technique deployed by this issue is T1006 according to MITRE ATT&CK.

It is possible to download the exploit at github.com. It is declared as proof-of-concept. By approaching the search of inurl:usersNews_deal.php it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Name

• OTCMS

Version

• 6.0
• 6.1
• 6.2
• 6.3
• 6.4
• 6.5
• 6.6
• 6.7
• 6.8
• 6.9
• 6.10
• 6.11
• 6.12
• 6.13
• 6.14
• 6.15
• 6.16
• 6.17
• 6.18
• 6.19
• 6.20
• 6.21
• 6.22
• 6.23
• 6.24
• 6.25
• 6.26
• 6.27
• 6.28
• 6.29
• 6.30
• 6.31
• 6.32
• 6.33
• 6.34
• 6.35
• 6.36
• 6.37
• 6.38
• 6.39
• 6.40
• 6.41
• 6.42
• 6.43
• 6.44
• 6.45
• 6.46
• 6.47
• 6.48
• 6.49
• 6.50
• 6.51
• 6.52
• 6.53
• 6.54
• 6.55
• 6.56
• 6.57
• 6.58
• 6.59
• 6.60
• 6.61
• 6.62

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Submitinfo

Accepted

• Submit #165199: OTCMS was discovered to contain an arbitrary file download vulenrability via the filename (by p0ison)

Discussion