Colt7R

**Name of the Vulnerable Software and Affected Versions** OTManager version 2.4 **Description** A remote file inclusion issue in Admin/ADM Pagina.php allows remote attackers to execute arbitrary PHP code via a URL in the `Tipo` parameter. **Recommendations** For OTManager version 2.4, consider restricting access to the `Tipo` parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `Tipo` parameter in the Admin/ADM Pagina.php file to minimize the risk of exploitation.