Description
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
Remediation
References