Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Osclass Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-10751 - Vulnerability Database
Osclass

Osclass Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-10751

High
Reference: CVE-2016-10751
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-10751
Title: Osclass Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.phppageajaxampactionajax_upload.