3 matches found
CVE-2014-8085
OSClass before 3.4.3 suffers an unrestricted file upload vulnerability in CWebContact::doModel (contact.php). The code fails to properly validate file extensions, allowing an unauthenticated attacker to upload a PHP file via the attachment option and, after enabling the feature, access it to exec...
Osclass 3.4.2 Shell Upload Vulnerability
Osclass versions 3.4.2 and below suffer from a remote shell upload vulnerability. Osclass redirectTo(osc_contact_url()); if (!move_uploaded_file($tmpName, $path)) unset($path); The vulnerability exists...
Osclass 3.4.2 Shell Upload
Osclass redirectTo(osc_contact_url()); if (!move_uploaded_file($tmpName, $path)) unset($path); The vulnerability exists because of the "CWebContact::doModel" method not properly verifying the extension of...