CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-5201

Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/4644
http://www.securityfocus.com/bid/29992
https://exchange.xforce.ibmcloud.com/vulnerabilities/43459
https://www.exploit-db.com/exploits/5957
http://securityreason.com/securityalert/4644
http://www.securityfocus.com/bid/29992
https://exchange.xforce.ibmcloud.com/vulnerabilities/43459
https://www.exploit-db.com/exploits/5957

Products affected by CVE-2008-5201

Otmanager » Otmanager Cms » Version: 24a

cpe:2.3:a:otmanager:otmanager_cms:24a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-5201

Products

Pricing

Contact Us