Description

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.

Remediation

References

CVE-2014-6308

Related Vulnerabilities

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.29)

PHP Other Vulnerability (CVE-2007-1376)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3507)

FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)

Severity

Medium

Classification

CVE-2014-6308 CWE-22

Tags

Missing Update Known Vulnerabilities