Vulnerabilities > Otmanager

DATE CVE VULNERABILITY TITLE RISK
2009-09-08 CVE-2008-7179 Improper Authentication vulnerability in Otmanager CMS 2.4
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
network
low complexity
otmanager CWE-287
7.5
2008-11-21 CVE-2008-5202 Cross-Site Scripting vulnerability in Otmanager CMS 24A
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
network
otmanager CWE-79
4.3
2008-11-21 CVE-2008-5201 Path Traversal vulnerability in Otmanager CMS 24A
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
otmanager CWE-22
7.5
2008-11-13 CVE-2008-5063 Code Injection vulnerability in Otmanager 2.4
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
network
low complexity
otmanager CWE-94
critical
10.0