5 matches found
CVE-2014-8084
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action...
CVE-2014-8084
OSClass before 3.4.3 is affected by CVE-2014-8084, a local file inclusion in the ajax.php controller (custom action). The flaw stems from unsanitized input passed via the ajaxfile/route mechanism, which is used to determine the file to require, allowing an attacker to include and execute arbitrar...
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
-------------------------------------------------------------- Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability -------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior versions. -...
Osclass 3.4.2 Local File Inclusion Vulnerability
Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability. -------------------------------------------------------------- Osclass getRoutes; 228. $rid = Params::getParam('route'); 229. $file = '../'; 230. if(isset($routes[$rid]) && isset($routes[$rid]['file'])) 231. $file =...
Osclass 3.4.2 Local File Inclusion
-------------------------------------------------------------- Osclass getRoutes; 228. $rid = Params::getParam('route'); 229. $file = '../'; 230. if(isset($routes[$rid]) && isset($routes[$rid]['file'])) 231. $file = $routes[$rid]['file']; 232. 233. else 234. // DEPRECATED: Disclosed path in URL is deprecated, use...