3 matches found
CVE-2008-5201
CVE-2008-5201 concerns OTManager CMS 24a, where a directory traversal flaw in index.php allows an attacker to include and execute arbitrary local files via the conteudo parameter. The root cause is improper handling of the .. path segment, enabling traversal to critical files; in some environment...
CVE-2008-5202
CVE-2008-5202 describes an XSS vulnerability in OTManager CMS 24a, where the parameter conteudo in index.php is not properly sanitized. This allows remote attackers to inject arbitrary web script or HTML, potentially compromising the victim’s browser session. Affected product: OTManager CMS 24a (...
CVE-2008-7179
The CVE-2008-7179 entry describes an authentication bypass in OTManager CMS 2.4. An attacker can gain administrator privileges by manipulating the cookies ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome to values that are valid in Admin/index.php. The vulnerability allows remote access without authentic...