Description
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ibtana-Ecommerce Product Addons Cross-Site Scripting (0.2.3)
WordPress Plugin Custom Simple Rss Cross-Site Request Forgery (2.0.6)
WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.2)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.19)
WordPress Plugin Arigato Autoresponder and Newsletter Multiple Unspecified Vulnerabilities (2.4.2)