Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

📄 glFusion 1.3.0 Blind SQL Injection

🗓️ 02 Feb 2026 00:00:00Reported by Omar KurtType 
packetstorm
 packetstorm🔗 packetstorm.news👁 98 Views

OsClass 3.4.1 Local File Inclusion allows unauthenticated file access exposing config and credentials; upgrade.

Related
Code
ReporterTitlePublishedViews
Family
0day.today		OsClass 3.4.1 (index.php, file param) - Local File Inclusion Vulnerability
25 Sep 201400:00
zdt
Circl		CVE-2014-6308
25 Sep 201400:00
circl
CVE		CVE-2014-6308
20 Oct 201414:00
cve
Cvelist		CVE-2014-6308
20 Oct 201414:00
cvelist
Exploit DB		OSClass 3.4.1 - 'index.php' Local File Inclusion
25 Sep 201400:00
exploitdb
exploitpack		OSClass 3.4.1 - index.php Local File Inclusion
25 Sep 201400:00
exploitpack
Nuclei		Osclass Security Advisory 3.4.1 - Local File Inclusion
5 Jun 202603:02
nuclei
NVD		CVE-2014-6308
20 Oct 201414:55
nvd
Packet Storm		OsClass 3.4.1 Local File Inclusion
17 Sep 201400:00
packetstorm
Prion		Directory traversal
20 Oct 201414:55
prion
Rows per page
OsClass 3.4.1 - Local File Inclusion (LFI)
    Advisory ID: RO-14-003
    CVE ID: CVE-2014-6308
    Severity: Critical
    Vendor: OsClass
    Product: OsClass
    Version: 3.4.1
    
    
    Overview #
    
    A Local File Inclusion (LFI) vulnerability exists in OsClass version 3.4.1 that allows remote attackers to include arbitrary files from the server.
    
    
    Vulnerability Details #
    
    Affected Versions: 3.4.1 and earlier
    
    Root Cause: Insufficient validation of user-supplied input allows attackers to manipulate file paths and include local files.
    
    
    Exploitation Requirements #
    
        No authentication required
        Direct access to the vulnerable endpoint
    
    Impact #
    
    Remote attackers can exploit this vulnerability to:
    
        Read sensitive configuration files
        Access database credentials
        View source code
        Potentially achieve remote code execution
    
    Proof of Concept #
    
    Details available upon request.
    
    
    Solution #
    
    Upgrade to a patched version of OsClass that includes proper input validation for file inclusion operations.
    
    
    References #
    
        CVE-2014-6308
    
    Timeline:
    
        [2014-01-01] - Discovered
    
    Credits: Omar Kurt

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Feb 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 25
EPSS0.77875
OsClass 3.4.1Local File InclusionNo authenticationConfig filesDatabase credentialsRemote code executionCVE 2014-6308
98