| Title | OTCMS contains a weak default password which gives attackers access to the backstage management system |
|---|---|
| Description | OTCMS contains a weak default password which gives attackers access to the backstage management system. It has been declared as problematic. The default account password is admin/admin. The problem lies in the pic_save function in sys/apps/controllers/admin/Comic.php, which is utilized to cause SSRF by controlling $pic. |
| Source | https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md |
| User | p0ison (UID 37575) |
| Submission | 06/06/2023 08:35 (3 years ago) |
| Moderation | 06/14/2023 08:13 (8 days later) |
| Status | Accepted |
| VulDB entry | 231508 [OTCMS up to 6.62 username/password hard-coded password] |
| Points | 20 |