Description

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.

Remediation

References

CVE-2014-6308

Related Vulnerabilities

Drupal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-6928)

WordPress 'wp-db.php' Character Set SQL Injection Vulnerability (2.0 - 2.3.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5656)

MySQL CVE-2021-2022 Vulnerability (CVE-2021-2022)

Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5090)

Severity

Medium

Classification

CVE-2014-6308 CWE-22

Tags

Missing Update Known Vulnerabilities