Description

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-0973

Related Vulnerabilities

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.29)

WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.15)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Cross-Site Scripting (19.9.6)

WordPress Plugin Search Everything SQL Injection (8.1.5)

Severity

High

Classification

CVE-2012-0973 CWE-138

Tags

Missing Update Known Vulnerabilities