CVE-2012-1617

Juan Ramon Osclass < 2.3.5 - Path Traversal

Title source: rule
STIX 2.1

Description

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Filippo Cavallarin · textwebappsphp
https://www.exploit-db.com/exploits/36917

References (14)

Core 14
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48284
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/03/1
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/04/7
Exploit, Patch x_refsource_confirm
http://osclass.org/2012/03/05/osclass-2-3-6/
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52336
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/02/6
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/02/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73754
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73755

Scores

EPSS 0.0907
EPSS Percentile 92.7%

Details

CWE
CWE-22
Status published
Products (18)
juan_ramon/osclass 1.1 (2 CPE variants)
juan_ramon/osclass 1.2 alpha (3 CPE variants)
juan_ramon/osclass 2.0 (2 CPE variants)
juan_ramon/osclass 2.0.1
juan_ramon/osclass 2.0.2
juan_ramon/osclass 2.0.3
juan_ramon/osclass 2.1
juan_ramon/osclass 2.1.1
juan_ramon/osclass 2.2
juan_ramon/osclass 2.2.1
... and 8 more
Published Sep 26, 2012
Tracked Since Feb 18, 2026