GCVE - cpe:2.3:a:n/a:otcms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:otcms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Otcms (`fc9a2352-3fa1-57e9-a409-575f4759e5f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-6772`	vulnerable	2026-06-08 06:21:55.780454	OTCMS ind_backstage.php sql injection MEDIUM (4.7) A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908. Published: 2023-12-13T19:00:06.215Z Updated: 2025-05-22T18:05:37.845Z Open on db.gcve.eu Reference links https://vuldb.com/?id.247908 https://vuldb.com/?ctiid.247908 https://github.com/Num-Nine/CVE/issues/8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3241`	vulnerable	2026-06-08 06:09:38.912192	OTCMS path traversal LOW (3.5) A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512. Published: 2023-06-14T09:00:03.857Z Updated: 2024-08-02T06:48:08.520Z Open on db.gcve.eu Reference links https://vuldb.com/?id.231512 https://vuldb.com/?ctiid.231512 https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20read%20vulenrability%20via%20the%20filename.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3240`	vulnerable	2026-06-08 06:09:38.911736	OTCMS usersNews_deal.php path traversal LOW (3.5) A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511. Published: 2023-06-14T08:31:04.377Z Updated: 2024-11-21T16:06:53.483Z Open on db.gcve.eu Reference links https://vuldb.com/?id.231511 https://vuldb.com/?ctiid.231511 https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3239`	vulnerable	2026-06-08 06:09:38.911113	OTCMS path traversal LOW (3.5) A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability. Published: 2023-06-14T08:31:03.407Z Updated: 2024-08-02T06:48:08.286Z Open on db.gcve.eu Reference links https://vuldb.com/?id.231510 https://vuldb.com/?ctiid.231510 https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3238`	vulnerable	2026-06-08 06:09:38.910522	OTCMS server-side request forgery MEDIUM (6.3) A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability. Published: 2023-06-14T08:00:04.536Z Updated: 2025-01-02T20:40:18.187Z Open on db.gcve.eu Reference links https://vuldb.com/?id.231509 https://vuldb.com/?ctiid.231509 https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3237`	vulnerable	2026-06-08 06:09:38.909026	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1797`	vulnerable	2026-06-08 05:52:37.054451	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1635`	vulnerable	2026-06-08 05:52:36.443589	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1634`	vulnerable	2026-06-08 05:52:36.432081	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.