CVE-2008-5201

CVSS 7.5 - HIGH

Description

Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected Products

1

Vendor	Product	Version
otmanager	otmanager_cms	`24a`

References

http://securityreason.com/securityalert/4644

http://www.securityfocus.com/bid/29992

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/5957

http://securityreason.com/securityalert/4644

http://www.securityfocus.com/bid/29992

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/5957

Weakness Types

CWE-22

CVE Information

CVE ID:: CVE-2008-5201
Published:: 2008-11-21
Modified:: 2026-04-23
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

otmanager

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL