Every CVE whose affected-product data names Otcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2018-17364 — CVSS 8.1 (high): OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.
CVE-2026-30637 — CVSS 7.5 (high): Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The…
CVE-2019-17370 — CVSS 7.2 (high): OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does…
CVE-2019-17369 — CVSS 6.5 (medium): OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated…
CVE-2023-1797 — CVSS 6.3 (medium): A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file…
CVE-2023-1634 — CVSS 6.3 (medium): A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file…
CVE-2023-3237 — CVSS 6.3 (medium): A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the…
CVE-2023-3238 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the…
CVE-2018-17086 — CVSS 6.1 (medium): An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName.
CVE-2018-8973 — CVSS 6.1 (medium): OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.
CVE-2018-17085 — CVSS 6.1 (medium): An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr.
CVE-2023-6772 — CVSS 4.7 (medium): A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file…
CVE-2024-57252 — CVSS 4.3 (medium): OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.
CVE-2023-3240 — CVSS 3.5 (low): A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown…
CVE-2023-3239 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file…
CVE-2023-1635 — CVSS 3.5 (low): A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the…
CVE-2023-3241 — CVSS 3.5 (low): A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the…