CVE-2023-1797

Name of the Vulnerable Software and Affected Versions OTCMS version 6.0.1

Description A critical vulnerability was found in OTCMS, related to the absence of restrictions on file uploads. This issue affects an unknown functionality of the file sysCheckFile.php, where the mudi parameter is set to sql. The manipulation leads to unrestricted upload, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code. The exploit has been disclosed to the public.

Recommendations For OTCMS version 6.0.1, consider disabling the sysCheckFile.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the mudi parameter in the sysCheckFile.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.