Lucene search

[email protected]CVE-2008-5201

HistoryNov 21, 2008 - 5:30 p.m.

CVE-2008-5201

2008-11-2117:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-5201

directory traversal

otmanager cms 24a

remote file inclusion

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected configurations

NVD

Node

otmanagerotmanager_cmsMatch24a

CPENameOperatorVersion
otmanager:otmanager_cmsotmanager otmanager cmseq24a

CPE	Name	Operator	Version
otmanager:otmanager_cms	otmanager otmanager cms	eq	24a

References

securityreason.com/securityalert/4644

www.securityfocus.com/bid/29992

exchange.xforce.ibmcloud.com/vulnerabilities/43459

www.exploit-db.com/exploits/5957

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2008-5201

cvelist1 nvd1 prion1