Description
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Ping Optimizer Cross-Site Request Forgery (2.35.1.2.3)
Drupal Resource Management Errors Vulnerability (CVE-2013-0316)
WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Cross-Site Scripting (2.1.0.1)
WordPress Plugin Tutor LMS Elementor Addons Cross-Site Scripting (2.1.3)