Osclass 3.1.1 Security Vulnerabilities
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
CVSS Score: 6.8; EPSS Score: 0.01; Published: 2015-01-05
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
CVSS Score: 7.5; EPSS Score: 0.029; Published: 2015-01-05
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2015-01-05
Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.
CVSS Score: 4.3; EPSS Score: 0.004; Published: 2014-10-20
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
CVSS Score: 5.0; EPSS Score: 0.741; Published: 2014-10-20

