CVE-2011-5141

Open Business Management < 2.4.0 - Authenticated Path Traversal via Module Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action.

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/78003
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71921

Scores

EPSS 0.0130
EPSS Percentile 66.9%

Details

CWE
CWE-22
Status published
Products (1)
obm/open_business_management < 2.4.0
Published Aug 31, 2012
Tracked Since Feb 18, 2026