Vulnerabilities > Osclass

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-24	CVE-2016-10751	Path Traversal vulnerability in Osclass 3.6.1 osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. network low complexity osclass CWE-22	6.5
2019-01-03	CVE-2018-14481	Cross-site Scripting vulnerability in Osclass 3.7.4 Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. network osclass CWE-79	4.3
2015-01-05	CVE-2014-8085	Unspecified vulnerability in Osclass Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. network osclass	6.8
2015-01-05	CVE-2014-8084	Path Traversal vulnerability in Osclass Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. network low complexity osclass CWE-22	7.5
2015-01-05	CVE-2014-8083	SQL Injection vulnerability in Osclass SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. network low complexity osclass CWE-89	7.5
2014-10-20	CVE-2014-6308	Path Traversal vulnerability in Osclass Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. network low complexity osclass CWE-22	5.0
2014-10-20	CVE-2014-6280	Cross-Site Scripting vulnerability in Osclass Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php. network osclass CWE-79	4.3
2012-09-26	CVE-2012-5163	Cross-Site Scripting vulnerability in Osclass Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php. network osclass CWE-79	4.3
2012-09-26	CVE-2012-5162	SQL Injection vulnerability in Osclass Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php. network low complexity osclass CWE-89	6.5
2012-09-25	CVE-2012-0973	SQL Injection vulnerability in Osclass Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. network low complexity osclass CWE-89	7.5

Vulnerabilities > Osclass {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Osclass"}]}

Vulnerabilities > Osclass