Vulnerabilities > Osclass > Osclass > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-05 | CVE-2014-8085 | Unspecified vulnerability in Osclass Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. network osclass | 6.8 |
| 2015-01-05 | CVE-2014-8084 | Path Traversal vulnerability in Osclass Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2015-01-05 | CVE-2014-8083 | SQL Injection vulnerability in Osclass SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. | 7.5 |
| 2014-10-20 | CVE-2014-6308 | Path Traversal vulnerability in Osclass Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-10-20 | CVE-2014-6280 | Cross-Site Scripting vulnerability in Osclass Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php. | 4.3 |