CVE-2023-3237

MEDIUM

otcms < 6.62 - Use of Hard-coded Password

Title source: llm

Description

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.231508

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.231508

Exploit broken-link exploit

https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md

Scores

CVSS v3 6.3

EPSS 0.0093

EPSS Percentile 55.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

otcms/otcms < 6.62

Published Jun 14, 2023

Tracked Since Feb 18, 2026