Server-Side Request Forgery Vulnerability in OtCMS from J-0k3r
CVE-2024-57252

4.3 MEDIUM

Key Information:

Vendor: J-0k3r

Status
Vendor
CVE Published: 17 January 2025

What is CVE-2024-57252?

OtCMS versions up to V7.46 have a vulnerability that allows Server-Side Request Forgery (SSRF) via the /admin/read.php endpoint. This flaw can be exploited to read arbitrary system files, potentially leading to the exposure of sensitive information and compromising the integrity of the affected systems.

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
