CVE-2012-1617

OSClass < 2.3.6 - Path Traversal and Arbitrary File Write via Combine.php Type Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1617. PoCs published by Filippo Cavallarin.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload and directory traversal vulnerability in OSClass 2.3.5. It leverages the `combine.php` script to move files and execute arbitrary PHP code by manipulating the `type` and `files` parameters.

Description

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Filippo Cavallarin · textwebappsphp

https://www.exploit-db.com/exploits/36917

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload and directory traversal vulnerability in OSClass 2.3.5. It leverages the `combine.php` script to move files and execute arbitrary PHP code by manipulating the `type` and `files` parameters.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OSClass 2.3.5

No auth needed

Prerequisites: Access to the OSClass web interface · Ability to upload files · Control over the User-Agent header

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48284

Exploit mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/03/1

Exploit, Patch x_refsource_confirm

https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a

View Exploit ZIP pw:eip

Exploit, Patch mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/04/7

Exploit, Patch x_refsource_confirm

https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

View Exploit ZIP pw:eip

Exploit x_refsource_misc

http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability

Exploit, Patch x_refsource_confirm

http://osclass.org/2012/03/05/osclass-2-3-6/

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52336

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/02/6

Exploit, Patch x_refsource_confirm

https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b

View Exploit ZIP pw:eip

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/02/1

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/73754

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/73755

Scores

EPSS 0.0994

EPSS Percentile 95.0%

Details

CWE

CWE-22

Status published

Products (18)

juan_ramon/osclass 1.1 (2 CPE variants)

juan_ramon/osclass 1.2 alpha (3 CPE variants)

juan_ramon/osclass 2.0 (2 CPE variants)

juan_ramon/osclass 2.0.1

juan_ramon/osclass 2.0.2

juan_ramon/osclass 2.0.3

juan_ramon/osclass 2.1

juan_ramon/osclass 2.1.1

juan_ramon/osclass 2.2

juan_ramon/osclass 2.2.1

... and 8 more

Published Sep 26, 2012

Tracked Since Feb 18, 2026