Description

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.

Remediation

References

CVE-2014-8085

Related Vulnerabilities

WordPress Plugin ACF:Better Search SQL Injection (2.0.2)

WordPress Plugin Like Button Rating-LikeBtn Security Bypass (2.5.3)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3660)

Apache HTTP Server Other Vulnerability (CVE-2010-1452)

WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0)

Severity

Medium

Classification

CVE-2014-8085

Tags

Missing Update Known Vulnerabilities