conejoninja

2 exploits Active since Sep 2012

CVE-2012-1617 WRITEUP WRITEUP

OSClass < 2.3.6 - Path Traversal and Arbitrary File Write via Combine.php Type Parameter

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

View Code

CVE-2012-0973 WRITEUP WRITEUP

OSClass < 2.3.5 - SQL Injection via sCategory Parameter

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

View Code