Vulnerability Details CVE-2014-8085
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/
- http://karmainsecurity.com/KIS-2014-16
- http://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html
- http://seclists.org/fulldisclosure/2014/Dec/134
- http://www.securityfocus.com/archive/1/534361/100/0/threaded
- http://www.securityfocus.com/bid/71842
- http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/
- http://karmainsecurity.com/KIS-2014-16
- http://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html
- http://seclists.org/fulldisclosure/2014/Dec/134
- http://www.securityfocus.com/archive/1/534361/100/0/threaded
- http://www.securityfocus.com/bid/71842
Products affected by CVE-2014-8085
-
cpe:2.3:a:osclass:osclass:1.0
-
cpe:2.3:a:osclass:osclass:1.1
-
cpe:2.3:a:osclass:osclass:1.2
-
cpe:2.3:a:osclass:osclass:2.0
-
cpe:2.3:a:osclass:osclass:2.0.1
-
cpe:2.3:a:osclass:osclass:2.0.2
-
cpe:2.3:a:osclass:osclass:2.0.3
-
cpe:2.3:a:osclass:osclass:2.1
-
cpe:2.3:a:osclass:osclass:2.1.1
-
cpe:2.3:a:osclass:osclass:2.2
-
cpe:2.3:a:osclass:osclass:2.2.1
-
cpe:2.3:a:osclass:osclass:2.2.2
-
cpe:2.3:a:osclass:osclass:2.2.3
-
cpe:2.3:a:osclass:osclass:2.3
-
cpe:2.3:a:osclass:osclass:2.3.1
-
cpe:2.3:a:osclass:osclass:2.3.2
-
cpe:2.3:a:osclass:osclass:2.3.3
-
cpe:2.3:a:osclass:osclass:2.3.4
-
cpe:2.3:a:osclass:osclass:2.3.5
-
cpe:2.3:a:osclass:osclass:2.3.6
-
cpe:2.3:a:osclass:osclass:2.3.7
-
cpe:2.3:a:osclass:osclass:2.4
-
cpe:2.3:a:osclass:osclass:2.4.1
-
cpe:2.3:a:osclass:osclass:3.0
-
cpe:2.3:a:osclass:osclass:3.0.1
-
cpe:2.3:a:osclass:osclass:3.0.2
-
cpe:2.3:a:osclass:osclass:3.1
-
cpe:2.3:a:osclass:osclass:3.1.1
-
cpe:2.3:a:osclass:osclass:3.1.2
-
cpe:2.3:a:osclass:osclass:3.2
-
cpe:2.3:a:osclass:osclass:3.2.0
-
cpe:2.3:a:osclass:osclass:3.2.1
-
cpe:2.3:a:osclass:osclass:3.2.2
-
cpe:2.3:a:osclass:osclass:3.3
-
cpe:2.3:a:osclass:osclass:3.3.0
-
cpe:2.3:a:osclass:osclass:3.3.1
-
cpe:2.3:a:osclass:osclass:3.4.0
-
cpe:2.3:a:osclass:osclass:3.4.1
-
cpe:2.3:a:osclass:osclass:3.4.2