Description
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.20.2)
WordPress Plugin SendGrid Cross-Site Scripting (1.10.7)
WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.1)
Apache Tomcat Other Vulnerability (CVE-2007-2449)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-16890)