CVE-2014-6308

NUCLEI

OSClass <3.4.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Netsparker · textwebappsphp

https://www.exploit-db.com/exploits/34763

View Code ZIP pw:eip

Nuclei Templates (1)

Osclass Security Advisory 3.4.1 - Local File Inclusion

MEDIUMby daffainfo

References (5)

[Various Sources] http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download/

[Various Sources] https://www.netsparker.com/lfi-vulnerability-in-osclass/

[Exploit] http://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html

[Exploit] https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/533456/100/0/threaded

Scores

EPSS 0.7788

EPSS Percentile 99.0%

Details

CWE

CWE-22

Status published

Products (2)

osclass/osclass 3.4.0

osclass/osclass < 3.4.1

Published Oct 20, 2014

Tracked Since Feb 18, 2026