3 matches found
Osclass Security Advisory 3.4.1 - Local File Inclusion
A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php. id: CVE-2014-6308 info: name: Osclass Security Advisory 3.4.1 - Local File Inclusion author: daffainfo...
[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
------------------------------------------------------------------- Osclass = 3.4.2 Search::setJsonAlert SQL Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior...
Osclass 3.4.2 Local File Inclusion
-------------------------------------------------------------- Osclass getRoutes; 228. $rid = Params::getParam'route'; 229. $file = '../'; 230. ifisset$routes$rid && isset$routes$rid'file' 231. $file = $routes$rid'file'; 232. 233. else 234. // DEPRECATED: Disclosed path in URL is deprecated, use...