CVE-2026-30637 Otcms — Exploit & Vulnerability Details HIGH

CVE-2026-30637

HIGH CVSS 3.1: 7.5 EPSS 0.11%

Parameter	Value
CVSS	7.5 (HIGH)
Affected Versions	before 7.66
Type	CWE-918 (Server-Side Request Forgery (SSRF))
Vendor	Otcms
Public PoC	No

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-918 Server-Side Request Forgery (SSRF)

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Otcms Otcms cpe:2.3:a:otcms:otcms::::::::	—	`<= 7.66`

References 1

https://github.com/cryingtor/Code-Audit/blob/master/ssrf.md

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2024-57252

Otcms

4.3

Menu

CVE-2026-30637

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2024-57252

CVE Details

Editor's Choice

Menu

CVE-2026-30637

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2024-57252

CVE Details

Editor's Choice

Stay informed on cybersecurity