Osclass >> Osclass >> 3.4.2: Security Vulnerabilities

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
CVSS Score: 6.8 | EPSS Score: 0.01 | Published: 2015-01-05

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
CVSS Score: 7.5 | EPSS Score: 0.029 | Published: 2015-01-05

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2015-01-05

