CVE-2008-5201

Name of the Vulnerable Software and Affected Versions OTManager CMS version 24a

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by using a .. (dot dot) in the conteudo parameter of index.php. In certain environments, this could potentially be used for remote file inclusion by utilizing a UNC share pathname or a URL starting with ftp, ftps, or ssh2.sftp.

Recommendations For OTManager CMS version 24a, avoid using the conteudo parameter in the index.php file until a patch is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.