Description
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
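As an added example (not OSClass code and not the project's actual fix), the following PHP sketch shows one way to validate a user-supplied include name such as the ajaxfile parameter before it is loaded. The names PLUGIN_DIR and resolve_ajax_file() and the plugins directory layout are assumptions made for illustration.

```php
<?php
// Added illustration, not OSClass code. PLUGIN_DIR and resolve_ajax_file()
// are hypothetical names; only the "ajaxfile" parameter name comes from the advisory.

const PLUGIN_DIR = __DIR__ . '/plugins'; // assumed base directory for includable files

/**
 * Return the canonical path of $requested when it is a regular .php file
 * located inside $baseDir, or null when the request must be rejected.
 */
function resolve_ajax_file($requested, string $baseDir): ?string
{
    // Arrays (ajaxfile[]=x), empty values and NUL bytes are never valid names.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing: fail closed
    }

    // realpath() resolves ".." segments and symlinks, and returns false
    // when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }

    // Containment check on the canonical path. The trailing separator stops
    // a sibling such as "/plugins-old" from matching the prefix "/plugins".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Only PHP sources are expected here; refuse logs, uploads and the like.
    return pathinfo($full, PATHINFO_EXTENSION) === 'php' ? $full : null;
}

$raw  = $_GET['ajaxfile'] ?? null;
$file = resolve_ajax_file($raw, PLUGIN_DIR);
if ($file === null) {
    http_response_code(400);
    // json_encode() escapes newlines, so the rejected value cannot forge log lines.
    error_log('ajaxfile rejected: ' . json_encode($raw));
    exit('Invalid request');
}
require $file;
```

Rejected values are logged, so repeated `..` sequences in ajaxfile requests can be alerted on.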
Remediation
References
Related Vulnerabilities
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.1.44)
WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-3092)
WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)