Description
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.25)
WordPress Plugin WP-Board SQL Injection (1.1)
WordPress Plugin Meow Gallery (+ Gallery Block) SQL Injection (4.1.8)
Oracle Application Server Other Vulnerability (CVE-2007-3863)
WordPress Plugin BackupBuddy Multiple Vulnerabilities (8.0.1.8)