Headline
CVE-2023-3239: HuBenVulList/OTCMS was discovered obtain the web directory path and other information leaked .md at main · HuBenLab/HuBenVulList
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '…/filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.
OTCMS was discovered obtain the web directory path and other information leaked

Description
OTCMS was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.
Vendor Homepage

Author

Proof of Concept
payload:
admin/readDeal.php?mudi=readQrCode&img=../../../../../../../../../etc/passwd
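To check whether this request pattern has already hit a server, the following added example (not part of the original advisory or of OTCMS) scans web access logs for `readQrCode` requests whose `img` value resolves outside its base directory. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jun/2023:10:01:02 +0000] "GET /admin/readDeal.php?mudi=readQrCode&img=upFiles/qr/site.png HTTP/1.1" 200 812
198.51.100.9 - - [12/Jun/2023:10:01:09 +0000] "GET /admin/readDeal.php?mudi=readQrCode&img=../../../../../../../../../etc/passwd HTTP/1.1" 200 1674
198.51.100.9 - - [12/Jun/2023:10:01:11 +0000] "GET /admin/readDeal.php?mudi=readQrCode&img=%2e%2e%2f%2e%2e%2fexample.txt HTTP/1.1" 200 95
198.51.100.7 - - [12/Jun/2023:10:02:30 +0000] "GET /admin/readDeal.php?mudi=other&img=../x HTTP/1.1" 404 0
"""
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(img):
    """True if img, treated as a relative path, leaves its base directory."""
    path = fully_decode(img).replace("\\", "/")
    if path.startswith("/"):          # absolute path ignores the base entirely
        return True
    norm = posixpath.normpath(path)   # collapses "a/../.." style segments
    return norm == ".." or norm.startswith("../")

def find_traversal(log_text):
    """Return (client, status, decoded img) for each suspicious readQrCode hit."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/admin/readDeal.php"):
            continue
        qs = parse_qs(url.query, keep_blank_values=True)
        if qs.get("mudi") != ["readQrCode"]:
            continue
        for img in qs.get("img", []):
            if escapes_base(img):
                hits.append((client, int(status), fully_decode(img)))
    return hits
```

A hit logged with status 200 deserves priority in triage, since the server answered the request rather than rejecting it.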