otcms

Top products

The 15 most recently published vulnerabilities affecting otcms.

• CVE-2026-30637Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, with...7.5Mar 27, 2026
• CVE-2024-57252OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.4.3Jan 17, 2025
• CVE-2023-6772OTCMS ind_backstage.php sql injection4.7Dec 13, 2023
• CVE-2023-3241OTCMS path traversal3.5Jun 14, 2023
• CVE-2023-3240OTCMS usersNews_deal.php path traversal3.5Jun 14, 2023
• CVE-2023-3239OTCMS path traversal3.5Jun 14, 2023
• CVE-2023-3238OTCMS server-side request forgery6.3Jun 14, 2023
• CVE-2023-3237OTCMS hard-coded password6.3Jun 14, 2023
• CVE-2023-1797OTCMS unrestricted upload6.3Apr 2, 2023
• CVE-2023-1635OTCMS apiRun.php AutoRun cross site scripting3.5Mar 25, 2023
• CVE-2023-1634OTCMS URL Parameter info_deal.php UseCurl server-side request forgery6.3Mar 25, 2023
• CVE-2019-17370OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, th...7.2Oct 9, 2019
• CVE-2019-17369OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.6.5Oct 9, 2019
• CVE-2019-13971OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.6.1Jul 19, 2019
• CVE-2018-17364OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.8.1Sep 23, 2018