Description
Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Parsian Bank Woocommerce Cross-Site Scripting (1.0)
SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1290)
WordPress Plugin WP Inventory Manager Cross-Site Scripting (1.7.8)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7930)
WordPress Plugin Gallery Plugin for WordPress-Envira Photo Gallery Cross-Site Scripting (1.8.3.2)