Vulnerabilities > CVE-2014-8085 - Unspecified vulnerability in Osclass
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
osclass
Summary
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
Vulnerable Configurations
Packetstorm
| data source | https://packetstormsecurity.com/files/download/129777/KIS-2014-16.txt |
| id | PACKETSTORM:129777 |
| last seen | 2016-12-05 |
| published | 2014-12-31 |
| reporter | EgiX |
| source | https://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html |
| title | Osclass 3.4.2 Shell Upload |
References
- http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/
- http://karmainsecurity.com/KIS-2014-16
- http://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html
- http://seclists.org/fulldisclosure/2014/Dec/134
- http://www.securityfocus.com/archive/1/534361/100/0/threaded
- http://www.securityfocus.com/bid/71842