CVE-2011-5141
Open Business Management < 2.4.0 - Authenticated Path Traversal via Module Parameter
Title source: llmDescription
Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action.
References (3)
Core 3
Core References
Exploit x_refsource_misc
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/78003
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71921
Scores
EPSS
0.0130
EPSS Percentile
66.9%
Details
CWE
CWE-22
Status
published
Products (1)
obm/open_business_management
< 2.4.0
Published
Aug 31, 2012
Tracked Since
Feb 18, 2026