Description
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
Remediation
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5296)
MySQL CVE-2022-21617 Vulnerability (CVE-2022-21617)
PHP Improper Input Validation Vulnerability (CVE-2015-3330)
Oracle JRE CVE-2022-21618 Vulnerability (CVE-2022-21618)
WordPress Plugin Limit Login Attempts Cross-Site Scripting (1.7.1)