Description
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2024-21061 Vulnerability (CVE-2024-21061)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2133)
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1892)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)