QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8085

Published: Jan 5, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html

x_refsource_MISC

vdb-entry

x_refsource_BID

http://karmainsecurity.com/KIS-2014-16

x_refsource_MISC

http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/

x_refsource_CONFIRM

20141231 [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability

mailing-list

x_refsource_BUGTRAQ

20141231 [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.