CVE-2023-3238

Name of the Vulnerable Software and Affected Versions OTCMS versions up to 6.62

Description A critical issue has been found in OTCMS, affecting the processing of the file /admin/read.php?mudi=getSignal. The manipulation of the signalUrl argument leads to server-side request forgery. This issue can be exploited remotely.

Recommendations For OTCMS versions up to 6.62, consider disabling access to the /admin/read.php endpoint until a fix is available. As a temporary workaround, restrict the use of the signalUrl argument in the affected endpoint to minimize the risk of exploitation.