CVE-2023-3240 - Vulnerability Details - OpenCVE

ReportizFlow

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Otcms	Otcms

Configuration 1 [-]

cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md
https://vuldb.com/?ctiid.231511
https://vuldb.com/?id.231511

History

Thu, 21 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-06-14T08:31:04.377Z

Updated: 2024-11-21T16:06:53.483Z

Reserved: 2023-06-14T06:12:42.962Z

Link: CVE-2023-3240

Vulnrichment

Updated: 2024-08-02T06:48:08.509Z

NVD

Status : Modified

Published: 2023-06-14T09:15:09.717

Modified: 2024-11-21T08:16:46.590

Link: CVE-2023-3240

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3240", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-06-14T06:12:42.962Z", "datePublished": "2023-06-14T08:31:04.377Z", "dateUpdated": "2024-11-21T16:06:53.483Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:35:51.673Z"}, "title": "OTCMS usersNews_deal.php path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-24", "lang": "en", "description": "CWE-24 Path Traversal: '../filedir'"}]}], "affected": [{"vendor": "n/a", "product": "OTCMS", "versions": [{"version": "6.0", "status": "affected"}, {"version": "6.1", "status": "affected"}, {"version": "6.2", "status": "affected"}, {"version": "6.3", "status": "affected"}, {"version": "6.4", "status": "affected"}, {"version": "6.5", "status": "affected"}, {"version": "6.6", "status": "affected"}, {"version": "6.7", "status": "affected"}, {"version": "6.8", "status": "affected"}, {"version": "6.9", "status": "affected"}, {"version": "6.10", "status": "affected"}, {"version": "6.11", "status": "affected"}, {"version": "6.12", "status": "affected"}, {"version": "6.13", "status": "affected"}, {"version": "6.14", "status": "affected"}, {"version": "6.15", "status": "affected"}, {"version": "6.16", "status": "affected"}, {"version": "6.17", "status": "affected"}, {"version": "6.18", "status": "affected"}, {"version": "6.19", "status": "affected"}, {"version": "6.20", "status": "affected"}, {"version": "6.21", "status": "affected"}, {"version": "6.22", "status": "affected"}, {"version": "6.23", "status": "affected"}, {"version": "6.24", "status": "affected"}, {"version": "6.25", "status": "affected"}, {"version": "6.26", "status": "affected"}, {"version": "6.27", "status": "affected"}, {"version": "6.28", "status": "affected"}, {"version": "6.29", "status": "affected"}, {"version": "6.30", "status": "affected"}, {"version": "6.31", "status": "affected"}, {"version": "6.32", "status": "affected"}, {"version": "6.33", "status": "affected"}, {"version": "6.34", "status": "affected"}, {"version": "6.35", "status": "affected"}, {"version": "6.36", "status": "affected"}, {"version": "6.37", "status": "affected"}, {"version": "6.38", "status": "affected"}, {"version": "6.39", "status": "affected"}, {"version": "6.40", "status": "affected"}, {"version": "6.41", "status": "affected"}, {"version": "6.42", "status": "affected"}, {"version": "6.43", "status": "affected"}, {"version": "6.44", "status": "affected"}, {"version": "6.45", "status": "affected"}, {"version": "6.46", "status": "affected"}, {"version": "6.47", "status": "affected"}, {"version": "6.48", "status": "affected"}, {"version": "6.49", "status": "affected"}, {"version": "6.50", "status": "affected"}, {"version": "6.51", "status": "affected"}, {"version": "6.52", "status": "affected"}, {"version": "6.53", "status": "affected"}, {"version": "6.54", "status": "affected"}, {"version": "6.55", "status": "affected"}, {"version": "6.56", "status": "affected"}, {"version": "6.57", "status": "affected"}, {"version": "6.58", "status": "affected"}, {"version": "6.59", "status": "affected"}, {"version": "6.60", "status": "affected"}, {"version": "6.61", "status": "affected"}, {"version": "6.62", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511."}, {"lang": "de", "value": "In OTCMS bis 6.62 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei usersNews_deal.php. Mittels dem Manipulieren des Arguments file mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-06-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-06-14T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-06-14T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-07-13T10:00:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "p0ison (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.231511", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.231511", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:08.509Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.231511", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.231511", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md", "tags": ["broken-link", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-21T16:06:39.308991Z", "id": "CVE-2023-3240", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T16:06:53.483Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.231511", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.231511", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md", "tags": ["broken-link", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:08.509Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3240", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-21T16:06:39.308991Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T16:06:46.896Z"}}], "cna": {"title": "OTCMS usersNews_deal.php path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "p0ison (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "n/a", "product": "OTCMS", "versions": [{"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.1"}, {"status": "affected", "version": "6.2"}, {"status": "affected", "version": "6.3"}, {"status": "affected", "version": "6.4"}, {"status": "affected", "version": "6.5"}, {"status": "affected", "version": "6.6"}, {"status": "affected", "version": "6.7"}, {"status": "affected", "version": "6.8"}, {"status": "affected", "version": "6.9"}, {"status": "affected", "version": "6.10"}, {"status": "affected", "version": "6.11"}, {"status": "affected", "version": "6.12"}, {"status": "affected", "version": "6.13"}, {"status": "affected", "version": "6.14"}, {"status": "affected", "version": "6.15"}, {"status": "affected", "version": "6.16"}, {"status": "affected", "version": "6.17"}, {"status": "affected", "version": "6.18"}, {"status": "affected", "version": "6.19"}, {"status": "affected", "version": "6.20"}, {"status": "affected", "version": "6.21"}, {"status": "affected", "version": "6.22"}, {"status": "affected", "version": "6.23"}, {"status": "affected", "version": "6.24"}, {"status": "affected", "version": "6.25"}, {"status": "affected", "version": "6.26"}, {"status": "affected", "version": "6.27"}, {"status": "affected", "version": "6.28"}, {"status": "affected", "version": "6.29"}, {"status": "affected", "version": "6.30"}, {"status": "affected", "version": "6.31"}, {"status": "affected", "version": "6.32"}, {"status": "affected", "version": "6.33"}, {"status": "affected", "version": "6.34"}, {"status": "affected", "version": "6.35"}, {"status": "affected", "version": "6.36"}, {"status": "affected", "version": "6.37"}, {"status": "affected", "version": "6.38"}, {"status": "affected", "version": "6.39"}, {"status": "affected", "version": "6.40"}, {"status": "affected", "version": "6.41"}, {"status": "affected", "version": "6.42"}, {"status": "affected", "version": "6.43"}, {"status": "affected", "version": "6.44"}, {"status": "affected", "version": "6.45"}, {"status": "affected", "version": "6.46"}, {"status": "affected", "version": "6.47"}, {"status": "affected", "version": "6.48"}, {"status": "affected", "version": "6.49"}, {"status": "affected", "version": "6.50"}, {"status": "affected", "version": "6.51"}, {"status": "affected", "version": "6.52"}, {"status": "affected", "version": "6.53"}, {"status": "affected", "version": "6.54"}, {"status": "affected", "version": "6.55"}, {"status": "affected", "version": "6.56"}, {"status": "affected", "version": "6.57"}, {"status": "affected", "version": "6.58"}, {"status": "affected", "version": "6.59"}, {"status": "affected", "version": "6.60"}, {"status": "affected", "version": "6.61"}, {"status": "affected", "version": "6.62"}]}], "timeline": [{"lang": "en", "time": "2023-06-14T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-06-14T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-06-14T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-07-13T10:00:15.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.231511", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.231511", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511."}, {"lang": "de", "value": "In OTCMS bis 6.62 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei usersNews_deal.php. Mittels dem Manipulieren des Arguments file mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-24", "description": "CWE-24 Path Traversal: '../filedir'"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:35:51.673Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3240", "state": "PUBLISHED", "dateUpdated": "2024-11-21T16:06:53.483Z", "dateReserved": "2023-06-14T06:12:42.962Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-06-14T08:31:04.377Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otcms:otcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D15D5B62-76C4-47E8-8039-402DDCC3E233", "versionEndIncluding": "6.62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en OTCMS hasta la versi\u00f3n 6.62 y se ha clasificado como problem\u00e1tica. Una funcionalidad desconocida del archivo \"usersNews_deal.php\" est\u00e1 afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento \"file\" conduce a un salto de ruta: \"../filedir\". El exploit ha sido revelado al p\u00fablico y puede ser utilizado. El identificador asociado de esta vulnerabilidad es VDB-231511. "}], "id": "CVE-2023-3240", "lastModified": "2024-11-21T08:16:46.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-06-14T09:15:09.717", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md"}, {"source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.231511"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.231511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.231511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.231511"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-24"}], "source": "[email protected]", "type": "Secondary"}]}